127 lines
4.5 KiB
YAML
127 lines
4.5 KiB
YAML
|
{{- if .Values.ingressController.enabled }}
|
||
|
|
apiVersion: apps/v1
|
||
|
|
kind: Deployment
|
||
|
|
metadata:
|
||
|
|
name: {{ template "pomerium.ingressController.fullname" . }}
|
||
|
|
labels:
|
||
|
|
app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }}
|
||
|
|
helm.sh/chart: {{ template "pomerium.chart" . }}
|
||
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||
|
|
app.kubernetes.io/component: ingressController
|
||
|
|
annotations:
|
||
|
|
{{- if .Values.ingressController.deployment.annotations }}
|
||
|
|
{{- range $key, $value := .Values.ingressController.deployment.annotations }}
|
||
|
|
{{ $key }}: {{ $value | quote }}
|
||
|
|
{{- end }}
|
||
|
|
{{- else if .Values.annotations }}
|
||
|
|
{{- range $key, $value := .Values.annotations }}
|
||
|
|
{{ $key }}: {{ $value | quote }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|
||
|
|
spec:
|
||
|
|
strategy:
|
||
|
|
type: Recreate
|
||
|
|
replicas: 1
|
||
|
|
selector:
|
||
|
|
matchLabels:
|
||
|
|
app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }}
|
||
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||
|
|
template:
|
||
|
|
metadata:
|
||
|
|
annotations:
|
||
|
|
checksum: {{ include "pomerium.static.checksum" . }}
|
||
|
|
{{- if .Values.podAnnotations }}
|
||
|
|
{{ toYaml .Values.podAnnotations | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.ingressController.deployment.podAnnotations }}
|
||
|
|
{{ toYaml .Values.ingressController.deployment.podAnnotations | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
labels:
|
||
|
|
app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }}
|
||
|
|
helm.sh/chart: {{ template "pomerium.chart" . }}
|
||
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||
|
|
{{- if .Values.podLabels }}
|
||
|
|
{{ toYaml .Values.podLabels | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
spec:
|
||
|
|
{{- if .Values.priorityClassName }}
|
||
|
|
priorityClassName: {{ .Values.priorityClassName }}
|
||
|
|
{{- end }}
|
||
|
|
containers:
|
||
|
|
- name: {{ .Chart.Name }}
|
||
|
|
image: {{ .Values.ingressController.image.repository }}:{{ .Values.ingressController.image.tag }}
|
||
|
|
imagePullPolicy: {{ .Values.ingressController.image.pullPolicy }}
|
||
|
|
args:
|
||
|
|
- controller
|
||
|
|
- --name={{ .Values.ingressController.config.ingressClass }}
|
||
|
|
{{- if .Values.ingressController.config.namespaces }}
|
||
|
|
- --namespaces={{ .Values.ingressController.config.namespaces | join "," }}
|
||
|
|
{{- end }}
|
||
|
|
- --databroker-service-url={{ printf "%s://%s.%s.svc.cluster.local" (include "pomerium.httpTrafficPort.name" .) (include "pomerium.databroker.fullname" .) .Release.Namespace }}
|
||
|
|
- --databroker-tls-ca-file=/pomerium/ca/ca.crt
|
||
|
|
- --metrics-bind-address=:8080
|
||
|
|
- --health-probe-bind-address=:8081
|
||
|
|
{{- if and .Values.ingressController.config.updateStatus (not .Values.ingressController.config.operatorMode) }}
|
||
|
|
- --update-status-from-service={{ .Release.Namespace}}/{{ template "pomerium.proxy.fullname" . }}
|
||
|
|
{{- end }}
|
||
|
|
ports:
|
||
|
|
- containerPort: 8080
|
||
|
|
name: metrics
|
||
|
|
protocol: TCP
|
||
|
|
- containerPort: 8081
|
||
|
|
name: health
|
||
|
|
protocol: TCP
|
||
|
|
livenessProbe:
|
||
|
|
httpGet:
|
||
|
|
path: /healthz
|
||
|
|
port: health
|
||
|
|
scheme: HTTP
|
||
|
|
readinessProbe:
|
||
|
|
httpGet:
|
||
|
|
path: /readyz
|
||
|
|
port: health
|
||
|
|
scheme: HTTP
|
||
|
|
env:
|
||
|
|
{{- range $name, $value := .Values.extraEnv }}
|
||
|
|
- name: {{ $name }}
|
||
|
|
value: {{ quote $value }}
|
||
|
|
{{- end }}
|
||
|
|
{{- range $name, $value := .Values.ingressController.deployment.extraEnv }}
|
||
|
|
- name: {{ $name }}
|
||
|
|
value: {{ quote $value }}
|
||
|
|
{{- end }}
|
||
|
|
envFrom:
|
||
|
|
- secretRef:
|
||
|
|
name: {{ include "pomerium.sharedSecretName" . }}
|
||
|
|
{{- if .Values.extraEnvFrom }}
|
||
|
|
{{ toYaml .Values.extraEnvFrom | indent 10 }}
|
||
|
|
{{- end }}
|
||
|
|
resources:
|
||
|
|
{{ toYaml .Values.resources | indent 10 }}
|
||
|
|
volumeMounts:
|
||
|
|
{{ include "pomerium.volumeMounts" . | indent 10 }}
|
||
|
|
volumes:
|
||
|
|
{{ include "pomerium.volumes.shared" . | indent 8 }}
|
||
|
|
- name: service-tls
|
||
|
|
emptyDir: {}
|
||
|
|
serviceAccountName: {{ template "pomerium.ingressController.serviceAccountName" . }}
|
||
|
|
{{- if .Values.imagePullSecrets }}
|
||
|
|
imagePullSecrets:
|
||
|
|
{{ toYaml .Values.imagePullSecrets | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.nodeSelector }}
|
||
|
|
nodeSelector:
|
||
|
|
{{ toYaml .Values.nodeSelector | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.tolerations }}
|
||
|
|
tolerations:
|
||
|
|
{{ toYaml .Values.tolerations | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- if .Values.affinity }}
|
||
|
|
affinity:
|
||
|
|
{{ toYaml .Values.affinity | indent 8 }}
|
||
|
|
{{- end }}
|
||
|
|
{{- end }}
|