115 lines
3.2 KiB
YAML
115 lines
3.2 KiB
YAML
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: cpx-sidecar-injector
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
istio: sidecar-injector
|
|
app: cpx-sidecar-injector
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
selector:
|
|
istio: sidecar-injector
|
|
|
|
---
|
|
# Deployment
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cpx-sidecar-injector
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: sidecarInjectorWebhook
|
|
istio: sidecar-injector
|
|
app: cpx-sidecar-injector
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: cpx-sidecar-injector
|
|
istio: sidecar-injector
|
|
template:
|
|
metadata:
|
|
labels:
|
|
istio: sidecar-injector
|
|
app: cpx-sidecar-injector
|
|
annotations:
|
|
sidecar.istio.io/inject: "false"
|
|
scheduler.alpha.kubernetes.io/critical-pod: ""
|
|
spec:
|
|
serviceAccountName: cpx-sidecar-injector-service-account
|
|
initContainers:
|
|
- name: sidecar-certs-generator
|
|
image: {{ tpl .Values.sidecarCertsGenerator.image . }}
|
|
imagePullPolicy: {{ .Values.sidecarCertsGenerator.imagePullPolicy }}
|
|
securityContext:
|
|
privileged: true
|
|
volumeMounts:
|
|
- name: certs
|
|
mountPath: /tmp
|
|
containers:
|
|
- name: sidecar-injector-webhook
|
|
image: {{ tpl .Values.sidecarWebHook.webhookImage . }}
|
|
imagePullPolicy: {{ .Values.sidecarWebHook.imagePullPolicy }}
|
|
securityContext:
|
|
privileged: true
|
|
args:
|
|
- --caCertFile=/etc/istio/certs/cert.pem
|
|
- --tlsCertFile=/etc/istio/certs/cert.pem
|
|
- --tlsKeyFile=/etc/istio/certs/key.pem
|
|
- --injectConfig=/etc/istio/inject/config
|
|
- --meshConfig=/etc/istio/config/mesh
|
|
- --healthCheckInterval=10s
|
|
- --webhookConfigName=cpx-sidecar-injector
|
|
- --webhookName=cpx-sidecar-injector.citrix.io
|
|
- --objectWebhookName=object.cpx-sidecar-injector.citrix.io
|
|
volumeMounts:
|
|
- name: config-volume
|
|
mountPath: /etc/istio/config
|
|
readOnly: true
|
|
- name: certs
|
|
mountPath: /etc/istio/certs
|
|
readOnly: true
|
|
- name: inject-config
|
|
mountPath: /etc/istio/inject
|
|
readOnly: true
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- cat
|
|
- /health
|
|
failureThreshold: 5
|
|
initialDelaySeconds: 4
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- cat
|
|
- /health
|
|
failureThreshold: 5
|
|
initialDelaySeconds: 4
|
|
periodSeconds: 10
|
|
initialDelaySeconds: 4
|
|
resources:
|
|
requests:
|
|
cpu: 10m
|
|
|
|
volumes:
|
|
- name: config-volume
|
|
configMap:
|
|
name: istio
|
|
- name: certs
|
|
emptyDir: {}
|
|
- name: inject-config
|
|
configMap:
|
|
name: cpx-istio-sidecar-injector
|
|
items:
|
|
- key: config
|
|
path: config
|
|
- key: values
|
|
path: values
|
|
---
|