188 lines
6.3 KiB
YAML
188 lines
6.3 KiB
YAML
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
|
|
apiVersion: v1
|
|
data:
|
|
.dockerconfigjson: {{
|
|
printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}"
|
|
.Values.imagePullSecrets.repository
|
|
.Values.imagePullSecrets.username
|
|
.Values.imagePullSecrets.password
|
|
.Values.imagePullSecrets.email
|
|
(printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc)
|
|
| b64enc
|
|
}}
|
|
kind: Secret
|
|
metadata:
|
|
name: kubeslice-image-pull-secret
|
|
namespace: kubeslice-system
|
|
type: kubernetes.io/dockerconfigjson
|
|
{{- end }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: kubeslice-operator
|
|
namespace: kubeslice-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
spoke-cluster: {{ .Values.cluster.name }}
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
kubectl.kubernetes.io/default-container: manager
|
|
prometheus.io/port: "8080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
control-plane: controller-manager
|
|
spoke-cluster: {{ .Values.cluster.name }}
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --secure-listen-address=0.0.0.0:8443
|
|
- --upstream=http://127.0.0.1:8080/
|
|
- --logtostderr=true
|
|
- --v=10
|
|
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
|
|
name: kube-rbac-proxy
|
|
ports:
|
|
- containerPort: 8443
|
|
name: https
|
|
protocol: TCP
|
|
- args:
|
|
- --health-probe-bind-address=:8081
|
|
- --metrics-bind-address=:8080
|
|
- --leader-elect
|
|
command:
|
|
- /manager
|
|
image: '{{ .Values.operator.image }}:{{ .Values.operator.tag }}'
|
|
imagePullPolicy: '{{ .Values.operator.pullPolicy }}'
|
|
env:
|
|
- name: LOG_LEVEL
|
|
value: {{ .Values.operator.logLevel }}
|
|
- name: HUB_HOST_ENDPOINT
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kubeslice-hub
|
|
key: endpoint
|
|
- name: HUB_PROJECT_NAMESPACE
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: kubeslice-hub
|
|
key: namespace
|
|
- name: CLUSTER_NAME
|
|
value: {{ .Values.cluster.name }}
|
|
- name: AVESHA_VL3_ROUTER_IMAGE
|
|
value: "{{ .Values.router.image }}:{{ .Values.router.tag }}"
|
|
- name: AVESHA_VL3_ROUTER_PULLPOLICY
|
|
value: {{ .Values.router.pullPolicy }}
|
|
- name: AVESHA_VL3_SIDECAR_IMAGE
|
|
value: "{{ .Values.routerSidecar.image }}:{{ .Values.routerSidecar.tag }}"
|
|
- name: AVESHA_VL3_SIDECAR_IMAGE_PULLPOLICY
|
|
value: {{ .Values.routerSidecar.pullPolicy }}
|
|
- name: CLUSTER_ENDPOINT
|
|
value: "{{ .Values.cluster.endpoint }}"
|
|
- name: AVESHA_GW_SIDECAR_IMAGE
|
|
value: '{{ .Values.gateway.image }}:{{ .Values.gateway.tag }}'
|
|
- name: AVESHA_GW_SIDECAR_IMAGE_PULLPOLICY
|
|
value: '{{ .Values.gateway.pullPolicy }}'
|
|
- name: AVESHA_OPENVPN_SERVER_IMAGE
|
|
value: '{{ .Values.openvpn.server.image }}:{{ .Values.openvpn.server.tag }}'
|
|
- name: AVESHA_OPENVPN_SERVER_PULLPOLICY
|
|
value: '{{ .Values.openvpn.server.pullPolicy }}'
|
|
- name: AVESHA_OPENVPN_CLIENT_IMAGE
|
|
value: '{{ .Values.openvpn.client.image }}:{{ .Values.openvpn.client.tag }}'
|
|
- name: AVESHA_OPENVPN_CLIENT_PULLPOLICY
|
|
value: '{{ .Values.openvpn.client.pullPolicy }}'
|
|
|
|
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
|
|
- name: IMAGE_PULL_SECRET_NAME
|
|
value: kubeslice-image-pull-secret
|
|
{{- end }}
|
|
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
name: manager
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
volumeMounts:
|
|
- name: kubeslice-worker-event-schema-conf
|
|
mountPath: /events/event-schema/
|
|
- mountPath: /var/run/secrets/kubernetes.io/hub-serviceaccount
|
|
name: hub-secret
|
|
readOnly: true
|
|
- mountPath: /etc/webhook/certs
|
|
name: webhook-certs
|
|
readOnly: true
|
|
serviceAccountName: kubeslice-controller-manager
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- name: kubeslice-worker-event-schema-conf
|
|
configMap:
|
|
name: kubeslice-worker-event-schema-conf
|
|
defaultMode: 420
|
|
- name: webhook-certs
|
|
secret:
|
|
secretName: kubeslice-admission-webhook-certs
|
|
- name: hub-secret
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: kubeslice-hub
|
|
items:
|
|
- key: "ca.crt"
|
|
path: "ca.crt"
|
|
- key: "token"
|
|
path: "token"
|
|
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
|
|
imagePullSecrets:
|
|
- name: kubeslice-image-pull-secret
|
|
{{- end }}
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubeslice.io/node-type
|
|
operator: In
|
|
values:
|
|
- gateway
|
|
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
{{ if .Values.events.disabled }}
|
|
worker.yaml: |-
|
|
disabledEvents:
|
|
- LicenseSecretNotFound
|
|
{{ else }}
|
|
worker.yaml: |-
|
|
disabledEvents:
|
|
- LicenseSecretNotFound
|
|
{{ end }}
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
name: event-schema
|
|
name: kubeslice-worker-event-schema-conf
|
|
namespace: kubeslice-system
|