{{- if .Values.agents.ai_infra.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: ai-infra-deploy-{{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
app: ai-infra-{{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: ai-infra-{{ .Release.Name }}
template:
metadata:
annotations:
checksum/secret: {{ include (print $.Template.BasePath "/ai-infra-agent/ai-infra-secret.yaml") . | sha256sum }}
labels:
app: ai-infra-{{ .Release.Name }}
spec:
automountServiceAccountToken: false
containers:
- name: ai-infra
image: "{{if ne ( .Values.agents.ai_infra.image.registry | toString ) ""}}{{ .Values.agents.ai_infra.image.registry }}{{ else }}{{ .Values.globals.imageRegistry }}{{ end }}/{{ .Values.agents.ai_infra.image.name }}:{{ .Values.agents.ai_infra.image.tag | toString }}"
imagePullPolicy: {{ if ne ( .Values.agents.ai_infra.image.imagePullPolicy | toString ) "" }}{{ .Values.agents.ai_infra.image.imagePullPolicy }}{{ else }}{{ .Values.globals.imagePullPolicy }}{{ end }}
ports:
- containerPort: 8101
protocol: TCP
env:
- name: TZ
value: Asia/Shanghai
- name: PYTHONPATH
value: /app
volumeMounts:
- mountPath: /app/config
name: ai-infra-secret-volume
securityContext:
readOnlyRootFilesystem: {{ .Values.agents.ai_infra.readOnly }}
capabilities:
drop:
- ALL
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
allowPrivilegeEscalation: false
resources:
{{- toYaml .Values.agents.ai_infra.resources | nindent 12 }}
volumes:
- name: ai-infra-secret-volume
secret:
secretName: ai-infra-secret-{{ .Release.Name }}
items:
- key: .env.yaml
path: .env.yaml
{{- end }}