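{{/*
Copyright 2019 HAProxy Technologies LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- /*
Controller Deployment. The whole manifest is rendered only when
.Values.controller.kind is exactly "Deployment".
*/}}
{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "kubernetes-ingress.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    {{- /* Quoted: label values must be strings, and an appVersion such as 1.10 would otherwise be parsed as a number. */}}
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
    {{- if .Values.controller.extraLabels }}
    {{- toYaml .Values.controller.extraLabels | nindent 4 }}
    {{- end }}
spec:
  {{- /* replicas is omitted when autoscaling is enabled, presumably so an autoscaler owns the count. */}}
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  {{- with .Values.controller.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
        {{- end }}
      {{- if .Values.controller.podAnnotations }}
      annotations:
        {{- toYaml .Values.controller.podAnnotations | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
      {{- if .Values.controller.dnsConfig }}
      dnsConfig:
        {{- toYaml .Values.controller.dnsConfig | nindent 8 }}
      {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
      {{- /* The pull secret is referenced by the chart's fullname helper; it is presumably created by another template. */}}
      {{- if .Values.controller.imageCredentials.registry }}
      imagePullSecrets:
        - name: {{ template "kubernetes-ingress.fullname" . }}
      {{- end }}
      {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
      {{- end }}
      containers:
        - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
          image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
          args:
            {{- /* Default certificate: a user-named secret when set, otherwise the chart's own default TLS secret name. */}}
            {{- if .Values.controller.defaultTLSSecret.secret }}
            - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
            {{- else }}
            - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
            {{- end }}
            - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
            {{- if .Values.defaultBackend.enabled }}
            - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
            {{- end }}
            {{- if .Values.controller.ingressClass }}
            - --ingress.class={{ .Values.controller.ingressClass }}
            {{- end }}
            {{- if .Values.controller.publishService.enabled }}
            - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
            {{- end }}
            {{- if .Values.controller.logging.level }}
            - --log={{ .Values.controller.logging.level }}
            {{- end }}
            {{- /* extraArgs entries are appended verbatim, one list item per entry. */}}
            {{- range .Values.controller.extraArgs }}
            - {{ . }}
            {{- end }}
          {{- /*
          Unprivileged mode: fixed uid/gid 1000, every capability dropped except
          NET_BIND_SERVICE. runAsNonRoot makes the kubelet refuse to start the
          container as uid 0; it is always satisfied by runAsUser 1000.
          NOTE(review): allowPrivilegeEscalation is left unset here; setting it to
          false would be stricter, but confirm first that the controller image does
          not rely on file capabilities to bind low ports.
          */}}
          {{- if .Values.controller.unprivileged }}
          securityContext:
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
          {{- end }}
          ports:
            {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
            {{- end }}
            {{- range .Values.controller.service.tcpPorts }}
            - name: {{ .name }}-tcp
              containerPort: {{ .targetPort }}
              protocol: TCP
            {{- end }}
          livenessProbe:
            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.livenessProbe.path }}
              port: {{ .Values.controller.livenessProbe.port }}
              scheme: {{ .Values.controller.livenessProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
          readinessProbe:
            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.readinessProbe.path }}
              port: {{ .Values.controller.readinessProbe.port }}
              scheme: {{ .Values.controller.readinessProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          startupProbe:
            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.startupProbe.path }}
              port: {{ .Values.controller.startupProbe.port }}
              scheme: {{ .Values.controller.startupProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            {{- /*
            Env values are quoted because the Kubernetes env "value" field is a
            string: an unquoted true, 8080 or empty value would be rendered as a
            bool, int or null and rejected. Only literal name/value pairs are
            emitted here; a values entry that already embeds its own quote
            characters will now keep them as part of the value.
            */}}
            {{- range .Values.controller.extraEnvs }}
            - name: {{ .name }}
              value: {{ .value | quote }}
            {{- end }}
          resources:
            {{- toYaml .Values.controller.resources | nindent 12 }}
          {{- /*
          lifecycle, extraVolumeMounts, extraContainers and extraVolumes each accept
          either a string, which is rendered through tpl as a template, or a
          structured value, which is emitted with toYaml. The string form evaluates
          template actions from values, so values files should be treated as
          trusted input.
          */}}
          {{- if .Values.controller.lifecycle }}
          lifecycle:
            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
            {{- tpl .Values.controller.lifecycle . | nindent 12 }}
            {{- else }}
            {{- toYaml .Values.controller.lifecycle | nindent 12 }}
            {{- end }}
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
          volumeMounts:
            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
            {{- tpl .Values.controller.extraVolumeMounts . | nindent 12 }}
            {{- else }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
            {{- end }}
          {{- end }}
        {{- /* Extra containers are appended to the containers list, as siblings of the controller container. */}}
        {{- if .Values.controller.extraContainers }}
        {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
        {{- tpl .Values.controller.extraContainers . | nindent 8 }}
        {{- else }}
        {{- toYaml .Values.controller.extraContainers | nindent 8 }}
        {{- end }}
        {{- end }}
      {{- if .Values.controller.extraVolumes }}
      volumes:
        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
        {{- tpl .Values.controller.extraVolumes . | nindent 8 }}
        {{- else }}
        {{- toYaml .Values.controller.extraVolumes | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
      initContainers:
        {{- /*
        NOTE(review): in unprivileged mode this init container runs with
        privileged: true and pulls the floating tag busybox:musl, with no
        registry override or digest pin. It sets
        net.ipv4.ip_unprivileged_port_start to 0 so that the non-root controller
        can bind low ports. Clusters that enforce the baseline or restricted Pod
        Security Standards reject privileged containers, so "unprivileged" mode
        will not schedule there. On Kubernetes 1.22 and later this sysctl is in
        the safe set and can be set through the pod-level securityContext.sysctls
        instead; confirm the supported cluster versions before switching.
        */}}
        {{- if .Values.controller.unprivileged }}
        - name: sysctl
          image: busybox:musl
          command:
            - /bin/sh
            - -c
            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
          securityContext:
            privileged: true
        {{- end }}
        {{- /* User-supplied init containers follow the sysctl container, if any. */}}
        {{- with .Values.controller.initContainers }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- with .Values.controller.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.controller.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}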