rancher-partner-charts/charts/haproxy/templates/controller-deployment.yaml

{{/*
Copyright 2019 HAProxy Technologies LLC

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}

{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "kubernetes-ingress.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
    helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/version: {{ .Chart.AppVersion }}
    {{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
    {{- end }}
spec:
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  {{- with .Values.controller.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        {{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
        {{- end }}
      {{- if .Values.controller.podAnnotations }}
      annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if .Values.controller.dnsConfig }}
      dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
      imagePullSecrets:
      - name: {{ template "kubernetes-ingress.fullname" . }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
      containers:
        - name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
          image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
          args:
{{- if .Values.controller.defaultTLSSecret.secret }}
          - --default-ssl-certificate={{ .Release.Namespace }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
          - --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
          - --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
          - --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
          - --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
          - --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
{{- end }}
{{- if .Values.controller.logging.level }}
          - --log={{ .Values.controller.logging.level }}
{{- end }}
{{- range .Values.controller.extraArgs }}
          - {{ . }}
{{- end }}
          {{- if .Values.controller.unprivileged }}
          securityContext:
            runAsUser:  1000
            runAsGroup: 1000
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
          {{- end }}
          ports:
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
          {{- end }}
          {{- range .Values.controller.service.tcpPorts }}
            - name: {{ .name }}-tcp
              containerPort: {{ .targetPort }}
              protocol: TCP
          {{- end }}
          livenessProbe:
            failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.livenessProbe.path }}
              port: {{ .Values.controller.livenessProbe.port }}
              scheme: {{ .Values.controller.livenessProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
          readinessProbe:
            failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.readinessProbe.path }}
              port: {{ .Values.controller.readinessProbe.port }}
              scheme: {{ .Values.controller.readinessProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
          startupProbe:
            failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
            httpGet:
              path: {{ .Values.controller.startupProbe.path }}
              port: {{ .Values.controller.startupProbe.port }}
              scheme: {{ .Values.controller.startupProbe.scheme }}
            initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
            successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
            timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          {{- range .Values.controller.extraEnvs }}
          - name: {{ .name }}
            value: {{ .value }}
          {{- end }}
          resources:
            {{- toYaml .Values.controller.resources | nindent 12 }}
          {{- if .Values.controller.lifecycle }}
          lifecycle:
            {{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
            {{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
            {{- end }}
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
          volumeMounts:
            {{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
            {{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
            {{- end }}
          {{- end}}
        {{- if .Values.controller.extraContainers }}
          {{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
          {{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
          {{- end }}
        {{- end }}
      {{- if .Values.controller.extraVolumes }}
      volumes:
        {{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
        {{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
        {{- end }}
      {{- end }}
      {{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
      initContainers:
        {{- if .Values.controller.unprivileged }}
        - name: sysctl
          image: busybox:musl
          command:
            - /bin/sh
            - -c
            - sysctl -w net.ipv4.ip_unprivileged_port_start=0
          securityContext:
            privileged: true
        {{- end }}
        {{- with.Values.controller.initContainers }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- end }}
      {{- with .Values.controller.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    {{- with .Values.controller.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with .Values.controller.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}