{{- /*
Envoy Deployment. The whole manifest is rendered only when envoy.enabled is
set. Security contexts, probes, resources, command/args, ports and extra env
are passed through from values; only the certificate wiring, DNS option and
multihost ports are fixed in this template.
*/ -}}
{{- if .Values.envoy.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "envoy.appName" . }}
  labels:
{{ include "envoy.labels" . | indent 4 }}
spec:
  # replicas is omitted when autoscaling is enabled (presumably so an
  # autoscaler owns the replica count - confirm an HPA template exists).
  {{- if not .Values.envoy.autoscaling.enabled }}
  replicas: {{ .Values.envoy.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "envoy.selectorLabels" . | nindent 6 }}
  # NOTE(review): rollingUpdate is emitted unconditionally. Kubernetes rejects
  # a Deployment that sets rollingUpdate together with type Recreate, so this
  # only works while envoy.strategy.type stays RollingUpdate.
  strategy:
    type: {{ .Values.envoy.strategy.type }}
    rollingUpdate:
      maxSurge: {{ .Values.envoy.strategy.rollingUpdate.maxSurge }}
      maxUnavailable: {{ .Values.envoy.strategy.rollingUpdate.maxUnavailable }}
  template:
    metadata:
      labels:
        {{- include "envoy.selectorLabels" . | nindent 8 }}
        {{- if .Values.envoy.podLabels }}
        ## Custom pod labels
        {{- range $key, $value := .Values.envoy.podLabels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
      annotations:
        # Hash of the rendered envoy ConfigMap template: a config change alters
        # the pod template and therefore triggers a rollout.
        checksum/config: {{ include (print .Template.BasePath "/envoy/configmap.yaml") . | sha256sum }}
        {{- if .Values.envoy.podAnnotations }}
        ## Custom pod annotations
        {{- range $key, $value := .Values.envoy.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
        {{- end }}
    spec:
      {{- with .Values.global.image.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Pod-level securityContext is emitted only when
      # envoy.podSecurityContextEnabled is set; its content comes from values
      # and is not visible in this template.
      {{- if .Values.envoy.podSecurityContextEnabled }}
      securityContext: {{ toYaml .Values.envoy.podSecurityContext | nindent 8 }}
      {{- end }}
      # Without envoy.serviceAccount.enabled the pod runs under the namespace's
      # default ServiceAccount. automountServiceAccountToken is not set here,
      # so token mounting follows the ServiceAccount / cluster default.
      # NOTE(review): confirm whether envoy needs Kubernetes API credentials.
      {{- if .Values.envoy.serviceAccount.enabled }}
      serviceAccountName: {{ include "envoy.serviceAccountName" . }}
      {{- end }}
      terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }}
      # The use-vc resolver option forces DNS lookups over TCP.
      dnsConfig:
        options:
          - name: use-vc
      # Helper is defined outside this file; it receives the same container
      # securityContext as envoy. Presumably it renders the initContainers
      # block that prepares the log directory for Fluent Bit - verify.
      {{- if .Values.fluentBit.enabled }}
      {{- include "dataplane.createLogDirectoryInitContainer" (dict "serviceName" "envoy" "securityContext" .Values.envoy.securityContext "additionalPathParam" "" "root" .) | nindent 6 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # Container securityContext is always emitted from values.
          # NOTE(review): its content is not visible here; confirm the chart
          # defaults set runAsNonRoot, allowPrivilegeEscalation: false and
          # readOnlyRootFilesystem as intended.
          securityContext:
            {{- toYaml .Values.envoy.securityContext | nindent 12 }}
          # Repository falls back to global.image.repository, tag to the chart
          # appVersion. The image is referenced by tag, not by digest.
          image: "{{ default .Values.global.image.repository .Values.envoy.image.repository }}/{{ .Values.envoy.image.name }}:{{ .Values.envoy.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
          # envFrom exports every key of the referenced Secret and ConfigMap
          # as environment variables of this container.
          envFrom:
            - secretRef:
                name: {{ .Values.common.clusterDetails.name }}
            - configMapRef:
                name: configmap-common
          command: {{ toYaml .Values.envoy.command | nindent 12 }}
          # envoy.argsTemplate, when set, is rendered with tpl against the root
          # context, i.e. its content is evaluated as a Helm template. Treat it
          # as trusted chart input only. Otherwise envoy.args is used verbatim.
          args:
            {{- if $.Values.envoy.argsTemplate }}
            {{ tpl $.Values.envoy.argsTemplate $ | nindent 12}}
            {{- else }}
            {{ toYaml .Values.envoy.args | nindent 12 }}
            {{- end }}
          # envoy.adminPorts are always declared.
          # NOTE(review): presumably the Envoy admin interface - confirm it is
          # not published through a Service or Ingress.
          # With global.multihost.enabled the listener ports are fixed
          # (ssh 2222, tls 8443, http 9080) and envoy.ports is ignored.
          ports:
            {{- with .Values.envoy.adminPorts }}
            {{- range $key, $port := . }}
            - name: {{ $key }} {{ toYaml $port | nindent 14 }}
            {{- end }}
            {{- end }}
            {{- if .Values.global.multihost.enabled }}
            - name: ssh
              protocol: TCP
              containerPort: 2222
            - name: tls
              protocol: TCP
              containerPort: 8443
            - name: http
              protocol: TCP
              containerPort: 9080
            {{- else }}
            {{- with .Values.envoy.ports }}
            {{- range $key, $port := . }}
            - name: {{ $key }} {{ toYaml $port | nindent 14 }}
            {{- end }}
            {{- end }}
            {{- end }}
          livenessProbe:
            {{- toYaml .Values.envoy.livenessProbe | nindent 12 }}
          startupProbe:
            {{- toYaml .Values.envoy.startupProbe | nindent 12 }}
          readinessProbe:
            {{- toYaml .Values.envoy.readinessProbe | nindent 12 }}
          env:
            # All three password variables read the same key (password) of the
            # same Secret (certificate-password), so truststore, server cert
            # and SFTP server cert share one passphrase.
            - name: server_truststore_password
              valueFrom:
                secretKeyRef:
                  key: password
                  name: certificate-password
            - name: server_cert_password
              valueFrom:
                secretKeyRef:
                  key: password
                  name: certificate-password
            - name: sftp_server_cert_password
              valueFrom:
                secretKeyRef:
                  key: password
                  name: certificate-password
            - name: LOGLEVEL
              value: "{{ .Values.envoy.logLevel }}"
            # Extra entries from envoy.env are appended verbatim.
            {{- with .Values.envoy.env }}
            {{- toYaml . | nindent 12 }}
            {{- end }}
          resources: {{ toYaml .Values.envoy.resources | nindent 12 }}
          # None of the mounts below sets readOnly. The shared claim at /efs is
          # therefore mounted writable.
          # NOTE(review): confirm envoy needs write access to /efs.
          volumeMounts:
            - name: config
              mountPath: /config
            - name: {{ .Values.global.volumeStorageName }}
              mountPath: /efs
            {{- range $key, $value := .Values.envoy.secretMounts }}
            - name: {{ $key }}
              mountPath: {{ $value.mountPath }}
            {{- end }}
            # subPath mounts of a Secret are not refreshed when the Secret
            # changes; a rotated certificate needs a pod restart to be seen.
            - mountPath: "/certificate/{{ .Values.common.certificate.name }}"
              subPath: {{ .Values.common.certificate.name }}
              name: domain-certificate
          lifecycle: {{ toYaml .Values.envoy.lifecycle | nindent 12 }}
      {{- with .Values.envoy.nodeSelector }}
      nodeSelector: {{ toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.envoy.affinity }}
      affinity: {{ toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.envoy.tolerations }}
      tolerations: {{ toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        # defaultMode 420 is the decimal form of octal 0644.
        - name: config
          projected:
            defaultMode: 420
            sources:
              - configMap:
                  name: {{ template "envoy.appName" . }}
        # NOTE(review): workdir (here) and cert (below) are declared but not
        # mounted by the envoy container in this template; presumably used by
        # the init container helper, or leftovers - verify.
        - name: workdir
          emptyDir: {}
        # Claim name is the release namespace joined with global.claimName.
        - name: {{ .Values.global.volumeStorageName }}
          persistentVolumeClaim:
            claimName: {{ .Release.Namespace }}-{{ .Values.global.claimName }}
        # NOTE(review): defaultMode for each secretMounts entry is taken from
        # values as-is; confirm every entry holding key material sets a
        # restrictive mode, since Kubernetes defaults to 0644 when it is unset.
        {{- range $key, $value := .Values.envoy.secretMounts }}
        - name: {{ $key }}
          secret:
            secretName: {{ $value.secretName }}
            defaultMode: {{ $value.defaultMode }}
        {{- end }}
        - name: cert
          emptyDir: {}
        # Only the item named by common.certificate.name is projected from the
        # domain-certificate Secret; no mode is set, so the default applies.
        - name: domain-certificate
          secret:
            secretName: domain-certificate
            items:
              - key: {{ .Values.common.certificate.name }}
                path: {{ .Values.common.certificate.name }}
{{- end }}