{{- if .Values.ingressController.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "pomerium.ingressController.fullname" . }} labels: app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }} helm.sh/chart: {{ template "pomerium.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: ingressController annotations: {{- if .Values.ingressController.deployment.annotations }} {{- range $key, $value := .Values.ingressController.deployment.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- else if .Values.annotations }} {{- range $key, $value := .Values.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: strategy: type: Recreate replicas: 1 selector: matchLabels: app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: annotations: checksum: {{ include "pomerium.static.checksum" . }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} {{- if .Values.ingressController.deployment.podAnnotations }} {{ toYaml .Values.ingressController.deployment.podAnnotations | indent 8 }} {{- end }} labels: app.kubernetes.io/name: {{ template "pomerium.ingressController.name" . }} helm.sh/chart: {{ template "pomerium.chart" . }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} containers: - name: {{ .Chart.Name }} image: {{ .Values.ingressController.image.repository }}:{{ .Values.ingressController.image.tag }} imagePullPolicy: {{ .Values.ingressController.image.pullPolicy }} args: - controller - --name={{ .Values.ingressController.config.ingressClass }} {{- if .Values.ingressController.config.namespaces }} - --namespaces={{ .Values.ingressController.config.namespaces | join "," }} {{- end }} - --databroker-service-url={{ printf "%s://%s.%s.svc.cluster.local" (include "pomerium.httpTrafficPort.name" .) (include "pomerium.databroker.fullname" .) .Release.Namespace }} - --databroker-tls-ca-file=/pomerium/ca/ca.crt - --metrics-bind-address=:8080 - --health-probe-bind-address=:8081 {{- if and .Values.ingressController.config.updateStatus (not .Values.ingressController.config.operatorMode) }} - --update-status-from-service={{ .Release.Namespace}}/{{ template "pomerium.proxy.fullname" . }} {{- end }} ports: - containerPort: 8080 name: metrics protocol: TCP - containerPort: 8081 name: health protocol: TCP livenessProbe: httpGet: path: /healthz port: health scheme: HTTP readinessProbe: httpGet: path: /readyz port: health scheme: HTTP env: {{- range $name, $value := .Values.extraEnv }} - name: {{ $name }} value: {{ quote $value }} {{- end }} {{- range $name, $value := .Values.ingressController.deployment.extraEnv }} - name: {{ $name }} value: {{ quote $value }} {{- end }} envFrom: - secretRef: name: {{ include "pomerium.sharedSecretName" . }} {{- if .Values.extraEnvFrom }} {{ toYaml .Values.extraEnvFrom | indent 10 }} {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} volumeMounts: {{ include "pomerium.volumeMounts" . | indent 10 }} volumes: {{ include "pomerium.volumes.shared" . | indent 8 }} - name: service-tls emptyDir: {} serviceAccountName: {{ template "pomerium.ingressController.serviceAccountName" . }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} {{- end }}