apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ziti-host.fullname" . }} labels: {{- include "ziti-host.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: {{- include "ziti-host.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "ziti-host.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "ziti-host.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} dnsPolicy: {{ .Values.dnsPolicy }} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: {{- toYaml .Values.ports | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} {{ if .Values.image.command }} command: {{ .Values.image.command }} {{ end }} args: {{- toYaml .Values.image.args | nindent 12 }} env: - name: NF_REG_NAME value: {{ include "ziti-host.fullname" . }}-identity volumeMounts: - mountPath: /enrollment-token name: enrollment-token readOnly: true - mountPath: /netfoundry name: persisted-identity readOnly: false hostNetwork: {{ .Values.hostNetwork }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: enrollment-token secret: secretName: {{ include "ziti-host.fullname" . }}-identity defaultMode: 0400 items: - key: enrollment-token path: {{ include "ziti-host.fullname" . }}-identity.jwt - name: persisted-identity persistentVolumeClaim: claimName: {{ include "ziti-host.fullname" . }}