171 lines
6.4 KiB
YAML
171 lines
6.4 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "kuma.name" . }}-control-plane
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
{{- include "kuma.labels" . | nindent 4 }}
|
|
app: {{ include "kuma.name" . }}-control-plane
|
|
spec:
|
|
replicas: {{ .Values.controlPlane.replicas }}
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
selector:
|
|
matchLabels:
|
|
{{- include "kuma.selectorLabels" . | nindent 6 }}
|
|
app: {{ include "kuma.name" . }}-control-plane
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
checksum/config: {{ include (print $.Template.BasePath "/cp-configmap.yaml") . | sha256sum }}
|
|
checksum/tls-secrets: {{ include (print $.Template.BasePath "/cp-webhooks-and-secrets.yaml") . | sha256sum }}
|
|
labels:
|
|
{{- include "kuma.selectorLabels" . | nindent 8 }}
|
|
app: {{ include "kuma.name" . }}-control-plane
|
|
spec:
|
|
{{- with .Values.controlPlane.affinity }}
|
|
affinity:
|
|
{{ toYaml . | nindent 8 }}
|
|
{{- else }}
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: In
|
|
values:
|
|
- {{ include "kuma.name" . }}-control-plane
|
|
topologyKey: kubernetes.io/hostname
|
|
{{- end }}
|
|
serviceAccountName: {{ include "kuma.name" . }}-control-plane
|
|
{{- with .Values.controlPlane.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: control-plane
|
|
image: {{ include "kuma.formatImage" (dict "image" .Values.controlPlane.image "root" $) | quote }}
|
|
imagePullPolicy: {{ .Values.controlPlane.image.pullPolicy }}
|
|
env:
|
|
{{- $defaultEnv := include "kuma.defaultEnv" . | fromYaml | pluck "env" | first }}
|
|
{{- $defaultEnvDict := dict }}
|
|
{{- range $index, $item := $defaultEnv }}
|
|
{{- $name := $item.name | upper }}
|
|
{{- $defaultEnvDict := set $defaultEnvDict $name $item.value }}
|
|
{{- end }}
|
|
{{- $envVarsCopy := deepCopy .Values.controlPlane.envVars }}
|
|
{{- $mergedEnv := merge $envVarsCopy $defaultEnvDict }}
|
|
{{- range $key, $value := $mergedEnv }}
|
|
- name: {{ $key }}
|
|
value: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- range $element := .Values.controlPlane.secrets }}
|
|
- name: {{ $element.Env }}
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ $element.Secret }}
|
|
key: {{ $element.Key }}
|
|
{{- end }}
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
args:
|
|
- run
|
|
- --log-level={{ .Values.controlPlane.logLevel }}
|
|
- --config-file=/etc/kuma.io/kuma-control-plane/config.yaml
|
|
ports:
|
|
- containerPort: 5681
|
|
- containerPort: 5682
|
|
- containerPort: 5443
|
|
{{- if ne .Values.controlPlane.mode "global" }}
|
|
- containerPort: 5678
|
|
- containerPort: 5653
|
|
protocol: UDP
|
|
{{- end }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthy
|
|
port: 5680
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: 5680
|
|
resources:
|
|
{{- if .Values.controlPlane.resources }}
|
|
{{ .Values.controlPlane.resources | toYaml | nindent 12 }}
|
|
{{- else if eq .Values.controlPlane.mode "global" }}
|
|
requests:
|
|
cpu: 500m
|
|
memory: 256Mi
|
|
{{- else }}
|
|
requests:
|
|
cpu: 100m
|
|
memory: 256Mi
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: general-tls-cert
|
|
mountPath: /var/run/secrets/kuma.io/tls-cert
|
|
readOnly: true
|
|
- name: {{ include "kuma.name" . }}-control-plane-config
|
|
mountPath: /etc/kuma.io/kuma-control-plane
|
|
readOnly: true
|
|
{{- if .Values.controlPlane.tls.apiServer.secretName }}
|
|
- name: api-server-tls-cert
|
|
mountPath: /var/run/secrets/kuma.io/api-server-tls-cert
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
|
|
- name: api-server-client-certs
|
|
mountPath: /var/run/secrets/kuma.io/api-server-client-certs
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.kdsGlobalServer.secretName }}
|
|
- name: kds-server-tls-cert
|
|
mountPath: /var/run/secrets/kuma.io/kds-server-tls-cert
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.kdsZoneClient.secretName }}
|
|
- name: kds-client-tls-cert
|
|
mountPath: /var/run/secrets/kuma.io/kds-client-tls-cert
|
|
readOnly: true
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.controlPlane.tls.general.secretName }}
|
|
- name: general-tls-cert
|
|
secret:
|
|
secretName: {{ .Values.controlPlane.tls.general.secretName }}
|
|
{{- else }}
|
|
- name: general-tls-cert
|
|
secret:
|
|
secretName: {{ include "kuma.name" . }}-tls-cert
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.apiServer.secretName }}
|
|
- name: api-server-tls-cert
|
|
secret:
|
|
secretName: {{ .Values.controlPlane.tls.apiServer.secretName }}
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
|
|
- name: api-server-client-certs
|
|
secret:
|
|
secretName: {{ .Values.controlPlane.tls.apiServer.clientCertsSecretName }}
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.kdsGlobalServer.secretName }}
|
|
- name: kds-server-tls-cert
|
|
secret:
|
|
secretName: {{ .Values.controlPlane.tls.kdsGlobalServer.secretName }}
|
|
{{- end }}
|
|
{{- if .Values.controlPlane.tls.kdsZoneClient.secretName }}
|
|
- name: kds-client-tls-cert
|
|
secret:
|
|
secretName: {{ .Values.controlPlane.tls.kdsZoneClient.secretName }}
|
|
{{- end }}
|
|
- name: {{ include "kuma.name" . }}-control-plane-config
|
|
configMap:
|
|
name: {{ include "kuma.name" . }}-control-plane-config
|