andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/kongmesh/kuma/0.8.101/templates/cp-deployment.yaml

171 lines
6.4 KiB
YAML
Raw Normal View History

Adding charts
2022-02-04 21:18:33 +00:00
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kuma.name" . }}-control-plane
namespace: {{ .Release.Namespace }}
labels:
{{- include "kuma.labels" . | nindent 4 }}
app: {{ include "kuma.name" . }}-control-plane
spec:
replicas: {{ .Values.controlPlane.replicas }}
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
{{- include "kuma.selectorLabels" . | nindent 6 }}
app: {{ include "kuma.name" . }}-control-plane
template:
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/cp-configmap.yaml") . | sha256sum }}
checksum/tls-secrets: {{ include (print $.Template.BasePath "/cp-webhooks-and-secrets.yaml") . | sha256sum }}
labels:
{{- include "kuma.selectorLabels" . | nindent 8 }}
app: {{ include "kuma.name" . }}-control-plane
spec:
{{- with .Values.controlPlane.affinity }}
affinity:
{{ toYaml . | nindent 8 }}
{{- else }}
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ include "kuma.name" . }}-control-plane
topologyKey: kubernetes.io/hostname
{{- end }}
serviceAccountName: {{ include "kuma.name" . }}-control-plane
{{- with .Values.controlPlane.nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
containers:
- name: control-plane
image: {{ include "kuma.formatImage" (dict "image" .Values.controlPlane.image "root" $) | quote }}
imagePullPolicy: {{ .Values.controlPlane.image.pullPolicy }}
env:
{{- $defaultEnv := include "kuma.defaultEnv" . | fromYaml | pluck "env" | first }}
{{- $defaultEnvDict := dict }}
{{- range $index, $item := $defaultEnv }}
{{- $name := $item.name | upper }}
{{- $defaultEnvDict := set $defaultEnvDict $name $item.value }}
{{- end }}
{{- $envVarsCopy := deepCopy .Values.controlPlane.envVars }}
{{- $mergedEnv := merge $envVarsCopy $defaultEnvDict }}
{{- range $key, $value := $mergedEnv }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $element := .Values.controlPlane.secrets }}
- name: {{ $element.Env }}
valueFrom:
secretKeyRef:
name: {{ $element.Secret }}
key: {{ $element.Key }}
{{- end }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
args:
- run
- --log-level={{ .Values.controlPlane.logLevel }}
- --config-file=/etc/kuma.io/kuma-control-plane/config.yaml
ports:
- containerPort: 5681
- containerPort: 5682
- containerPort: 5443
{{- if ne .Values.controlPlane.mode "global" }}
- containerPort: 5678
- containerPort: 5653
protocol: UDP
{{- end }}
livenessProbe:
httpGet:
path: /healthy
port: 5680
readinessProbe:
httpGet:
path: /ready
port: 5680
resources:
{{- if .Values.controlPlane.resources }}
{{ .Values.controlPlane.resources | toYaml | nindent 12 }}
{{- else if eq .Values.controlPlane.mode "global" }}
requests:
cpu: 500m
memory: 256Mi
{{- else }}
requests:
cpu: 100m
memory: 256Mi
{{- end }}
volumeMounts:
- name: general-tls-cert
mountPath: /var/run/secrets/kuma.io/tls-cert
readOnly: true
- name: {{ include "kuma.name" . }}-control-plane-config
mountPath: /etc/kuma.io/kuma-control-plane
readOnly: true
{{- if .Values.controlPlane.tls.apiServer.secretName }}
- name: api-server-tls-cert
mountPath: /var/run/secrets/kuma.io/api-server-tls-cert
readOnly: true
{{- end }}
{{- if .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
- name: api-server-client-certs
mountPath: /var/run/secrets/kuma.io/api-server-client-certs
readOnly: true
{{- end }}
{{- if .Values.controlPlane.tls.kdsGlobalServer.secretName }}
- name: kds-server-tls-cert
mountPath: /var/run/secrets/kuma.io/kds-server-tls-cert
readOnly: true
{{- end }}
{{- if .Values.controlPlane.tls.kdsZoneClient.secretName }}
- name: kds-client-tls-cert
mountPath: /var/run/secrets/kuma.io/kds-client-tls-cert
readOnly: true
{{- end }}
volumes:
{{- if .Values.controlPlane.tls.general.secretName }}
- name: general-tls-cert
secret:
secretName: {{ .Values.controlPlane.tls.general.secretName }}
{{- else }}
- name: general-tls-cert
secret:
secretName: {{ include "kuma.name" . }}-tls-cert
{{- end }}
{{- if .Values.controlPlane.tls.apiServer.secretName }}
- name: api-server-tls-cert
secret:
secretName: {{ .Values.controlPlane.tls.apiServer.secretName }}
{{- end }}
{{- if .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
- name: api-server-client-certs
secret:
secretName: {{ .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
{{- end }}
{{- if .Values.controlPlane.tls.kdsGlobalServer.secretName }}
- name: kds-server-tls-cert
secret:
secretName: {{ .Values.controlPlane.tls.kdsGlobalServer.secretName }}
{{- end }}
{{- if .Values.controlPlane.tls.kdsZoneClient.secretName }}
- name: kds-client-tls-cert
secret:
secretName: {{ .Values.controlPlane.tls.kdsZoneClient.secretName }}
{{- end }}
- name: {{ include "kuma.name" . }}-control-plane-config
configMap:
name: {{ include "kuma.name" . }}-control-plane-config