andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-charts/charts/rancher-external-ip-webhook/0.1.601/templates/deployment.yaml

108 lines
4.0 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/pod: runtime/default
labels: {{ include "externalip-webhook.labels" . | indent 4 }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
name: {{ template "externalip-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: {{ template "externalip-webhook.name" . }}
template:
metadata:
annotations:
seccomp.security.alpha.kubernetes.io/pod: runtime/default
labels: {{ include "externalip-webhook.labels" . | indent 8 }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
spec:
containers:
{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }}
- name: {{ template "externalip-webhook.fullname" . }}-auth-proxy
args:
- --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}
- --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/
- --logtostderr=true
- --v=10
image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }}
imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}"
ports:
- containerPort: {{ .Values.metrics.port }}
name: webhook-metrics
protocol: TCP
resources:
{{ toYaml .Values.metrics.authProxy.resources | indent 10 }}
readinessProbe:
tcpSocket:
port: webhook-metrics
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: webhook-metrics
initialDelaySeconds: 5
failureThreshold: 10
periodSeconds: 30
{{- end }}
- name: {{ template "externalip-webhook.fullname" . }}
image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }}
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
command:
- /webhook
args:
- --webhook-port={{ .Values.webhookPort }}
{{- if .Values.allowedExternalIPCidrs }}
- --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }}
{{- end }}
{{- if .Values.metrics.enabled }}
{{- if .Values.metrics.authProxy.enabled }}
- --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }}
{{- else }}
- --metrics-addr=0.0.0.0:{{ .Values.metrics.port }}
{{- end }}
{{- end }}
ports:
- containerPort: {{ .Values.webhookPort }}
name: webhook-server
protocol: TCP
{{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }}
- containerPort: {{ .Values.metrics.port }}
name: webhook-metrics
protocol: TCP
{{- end }}
volumeMounts:
- name: server-cert
mountPath: /tmp/k8s-webhook-server/serving-certs
readOnly: true
resources:
{{ toYaml .Values.resources | indent 10 }}
readinessProbe:
tcpSocket:
port: webhook-server
initialDelaySeconds: 5
failureThreshold: 10
periodSeconds: 30
livenessProbe:
tcpSocket:
port: webhook-server
initialDelaySeconds: 5
failureThreshold: 10
periodSeconds: 30
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6}}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- end }}
serviceAccountName: {{ template "externalip-webhook.fullname" . }}
volumes:
- name: server-cert
secret:
defaultMode: 420
secretName: {{ .Values.certificates.secretName }}
Reference in New Issue View Git Blame Copy Permalink