update

2026-01-14 12:37:31 +08:00
commit 01d1a49a59
22 changed files with 1037 additions and 0 deletions
--- a/pocketbase/templates/deployment.yaml
+++ b/pocketbase/templates/deployment.yaml
@@ -0,0 +1,185 @@
+{{- /*
+  Generate deployments for each PocketBase instance
+*/ -}}
+{{- $global := .Values.global }}
+{{- $image := .Values.image }}
+{{- $persistence := .Values.persistence }}
+{{- $securityContext := .Values.securityContext }}
+{{- $podSecurityContext := .Values.podSecurityContext }}
+{{- $resources := .Values.resources }}
+{{- range .Values.instances }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pocketbase-{{ .id }}
+  labels:
+    app: pocketbase
+    instance: {{ .id }}
+    {{- include "pocketbase.labels" $ | nindent 4 }}
+spec:
+  replicas: {{ .replicaCount | default 1 }}
+  selector:
+    matchLabels:
+      app: pocketbase
+      instance: {{ .id }}
+  template:
+    metadata:
+      labels:
+        app: pocketbase
+        instance: {{ .id }}
+        {{- include "pocketbase.labels" $ | nindent 8 }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") $ | sha256sum }}
+    spec:
+      {{- $instanceId := .id }}
+      {{- with $.Values.serviceAccount }}
+      {{- $serviceAccountName := $.Values.serviceAccount.name }}
+      {{- if not $serviceAccountName }}
+      {{- $serviceAccountName = printf "pocketbase-%s" $instanceId }}
+      {{- end }}
+      serviceAccountName: {{ $serviceAccountName }}
+      {{- end }}
+      {{- with $global.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml $podSecurityContext | nindent 8 }}
+      containers:
+        - name: pocketbase
+          image: {{ $image.repository }}:{{ $image.tag }}
+          imagePullPolicy: {{ $image.pullPolicy }}
+          command:
+            - /pocketbase
+            - serve
+            - --http=0.0.0.0:8090
+          ports:
+            - name: http
+              containerPort: 8090
+              protocol: TCP
+          env:
+            # Admin email (optional - set via admin creation API)
+            - name: PB_ADMIN_EMAIL
+              value: "admin@{{ .domain }}"
+            - name: PB_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: pocketbase-{{ .id }}-secrets
+                  key: admin-password
+          {{- if $persistence.enabled }}
+          volumeMounts:
+            - name: data
+              mountPath: /pb/pb_data
+            - name: static
+              mountPath: /pb/static
+          {{- end }}
+          livenessProbe:
+            httpGet:
+              path: /api/health
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /api/health
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 5
+            timeoutSeconds: 3
+            failureThreshold: 3
+          {{- if .resources }}
+          resources:
+            {{- toYaml .resources | nindent 12 }}
+          {{- else }}
+          resources:
+            {{- toYaml $resources | nindent 12 }}
+          {{- end }}
+          securityContext:
+            {{- toYaml $securityContext | nindent 12 }}
+      {{- if $persistence.enabled }}
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: pocketbase-{{ .id }}-pvc
+        - name: static
+          persistentVolumeClaim:
+            claimName: pocketbase-{{ .id }}-static-pvc
+      {{- end }}
+      {{- with $.Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $.Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $.Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $.Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+---
+{{- /*
+  Create Secret for each instance
+*/ -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pocketbase-{{ .id }}-secrets
+  labels:
+    app: pocketbase
+    instance: {{ .id }}
+    {{- include "pocketbase.labels" $ | nindent 4 }}
+type: Opaque
+stringData:
+  admin-password: {{ randAlphaNum 16 | quote }}
+---
+{{- /*
+  Create PVC for each instance
+*/ -}}
+{{- if $persistence.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pocketbase-{{ .id }}-pvc
+  labels:
+    app: pocketbase
+    instance: {{ .id }}
+    type: data
+    {{- include "pocketbase.labels" $ | nindent 4 }}
+spec:
+  accessModes:
+    - {{ $persistence.accessMode | default "ReadWriteOnce" }}
+  resources:
+    requests:
+      storage: {{ $persistence.size | default "1Gi" }}
+  {{- if $persistence.storageClass }}
+  storageClassName: {{ $persistence.storageClass }}
+  {{- end }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pocketbase-{{ .id }}-static-pvc
+  labels:
+    app: pocketbase
+    instance: {{ .id }}
+    type: static
+    {{- include "pocketbase.labels" $ | nindent 4 }}
+spec:
+  accessModes:
+    - {{ $persistence.accessMode | default "ReadWriteOnce" }}
+  resources:
+    requests:
+      storage: 100Mi
+  {{- if $persistence.storageClass }}
+  storageClassName: {{ $persistence.storageClass }}
+  {{- end }}
+{{- end }}
+{{- end }}