111 lines
3.3 KiB
YAML
111 lines
3.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "trusted-certificate-issuer.fullname" . }}
|
|
labels:
|
|
{{- include "trusted-certificate-issuer.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
{{- include "trusted-certificate-issuer.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "trusted-certificate-issuer.selectorLabels" . | nindent 8 }}
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ include "trusted-certificate-issuer.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
containers:
|
|
- args:
|
|
- --leader-elect
|
|
- --zap-devel
|
|
- --zap-log-level=5
|
|
- --metrics-bind-address=:8082
|
|
- --health-probe-bind-address=:8083
|
|
- --user-pin=$USER_PIN
|
|
- --so-pin=$SO_PIN
|
|
{{- if .Values.controllerExtraArgs }}
|
|
{{- with .Values.controllerExtraArgs }}
|
|
{{- tpl . $ | trim | indent 8 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
command:
|
|
- /tcs-issuer
|
|
env:
|
|
- name: USER_PIN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: userpin
|
|
name: tcs-issuer-pkcs11-conf
|
|
- name: SO_PIN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: sopin
|
|
name: tcs-issuer-pkcs11-conf
|
|
name: {{ .Chart.Name }}
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
readOnlyRootFilesystem: true
|
|
image: "{{ .Values.image.hub }}/{{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
ports:
|
|
- name: http
|
|
containerPort: 80
|
|
protocol: TCP
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8083
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 180
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8083
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 5
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- mountPath: /home/tcs-issuer/tokens
|
|
name: tokens-dir
|
|
initContainers:
|
|
- command:
|
|
- /bin/chown
|
|
- -R
|
|
- 5000:5000
|
|
- /home/tcs-issuer/tokens
|
|
image: busybox
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
name: init
|
|
volumeMounts:
|
|
- mountPath: /home/tcs-issuer/tokens
|
|
name: tokens-dir
|
|
volumes:
|
|
- hostPath:
|
|
path: /var/lib/tcs-issuer/tokens
|
|
type: DirectoryOrCreate
|
|
name: tokens-dir
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|