181 lines
6.6 KiB
YAML
181 lines
6.6 KiB
YAML
{{- if .Values.envoy.enabled }}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ template "envoy.appName" . }}
|
|
labels:
|
|
{{ include "envoy.labels" . | indent 4 }}
|
|
spec:
|
|
{{- if not .Values.envoy.autoscaling.enabled }}
|
|
replicas: {{ .Values.envoy.replicaCount }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "envoy.selectorLabels" . | nindent 6 }}
|
|
strategy:
|
|
type: {{ .Values.envoy.strategy.type }}
|
|
rollingUpdate:
|
|
maxSurge: {{ .Values.envoy.strategy.rollingUpdate.maxSurge }}
|
|
maxUnavailable: {{ .Values.envoy.strategy.rollingUpdate.maxUnavailable }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
{{- include "envoy.selectorLabels" . | nindent 8 }}
|
|
{{- if .Values.envoy.podLabels }}
|
|
## Custom pod labels
|
|
{{- range $key, $value := .Values.envoy.podLabels }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
annotations:
|
|
checksum/config: {{ include (print .Template.BasePath "/envoy/configmap.yaml") . | sha256sum }}
|
|
{{- if .Values.envoy.podAnnotations }}
|
|
## Custom pod annotations
|
|
{{- range $key, $value := .Values.envoy.podAnnotations }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.global.image.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.envoy.podSecurityContextEnabled }}
|
|
securityContext:
|
|
{{ toYaml .Values.envoy.podSecurityContext | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.envoy.serviceAccount.enabled }}
|
|
serviceAccountName: {{ include "envoy.serviceAccountName" . }}
|
|
{{- end }}
|
|
terminationGracePeriodSeconds: {{ .Values.envoy.terminationGracePeriodSeconds }}
|
|
#forces the use of tcp for dns resolutions
|
|
dnsConfig:
|
|
options:
|
|
- name: use-vc
|
|
{{- if .Values.fluentBit.enabled }}
|
|
{{- include "dataplane.createLogDirectoryInitContainer" (dict "serviceName" "envoy" "securityContext" .Values.envoy.securityContext "additionalPathParam" "" "root" .) | nindent 6 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Chart.Name }}
|
|
securityContext:
|
|
{{- toYaml .Values.envoy.securityContext | nindent 12 }}
|
|
image: "{{ default .Values.global.image.repository .Values.envoy.image.repository }}/{{ .Values.envoy.image.name }}:{{ .Values.envoy.image.tag | default .Chart.AppVersion }}"
|
|
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
|
|
envFrom:
|
|
- secretRef:
|
|
name: {{ .Values.common.clusterDetails.name }}
|
|
- configMapRef:
|
|
name: configmap-common
|
|
command:
|
|
{{ toYaml .Values.envoy.command | nindent 12 }}
|
|
args:
|
|
{{- if $.Values.envoy.argsTemplate }}
|
|
{{ tpl $.Values.envoy.argsTemplate $ | nindent 12}}
|
|
{{- else }}
|
|
{{ toYaml .Values.envoy.args | nindent 12 }}
|
|
{{- end }}
|
|
ports:
|
|
{{- with .Values.envoy.adminPorts }}
|
|
{{- range $key, $port := . }}
|
|
- name: {{ $key }}
|
|
{{ toYaml $port | nindent 14 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if .Values.global.multihost.enabled }}
|
|
- name: ssh
|
|
protocol: TCP
|
|
containerPort: 2222
|
|
- name: tls
|
|
protocol: TCP
|
|
containerPort: 8443
|
|
- name: http
|
|
protocol: TCP
|
|
containerPort: 9080
|
|
{{- else }}
|
|
{{- with .Values.envoy.ports }}
|
|
{{- range $key, $port := . }}
|
|
- name: {{ $key }}
|
|
{{ toYaml $port | nindent 14 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
livenessProbe: {{- toYaml .Values.envoy.livenessProbe | nindent 12 }}
|
|
startupProbe: {{- toYaml .Values.envoy.startupProbe | nindent 12 }}
|
|
readinessProbe: {{- toYaml .Values.envoy.readinessProbe | nindent 12 }}
|
|
env:
|
|
- name: server_truststore_password
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: certificate-password
|
|
- name: server_cert_password
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: certificate-password
|
|
- name: sftp_server_cert_password
|
|
valueFrom:
|
|
secretKeyRef:
|
|
key: password
|
|
name: certificate-password
|
|
- name: LOGLEVEL
|
|
value: "{{ .Values.envoy.logLevel }}"
|
|
{{- with .Values.envoy.env }}
|
|
{{- toYaml . | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
{{ toYaml .Values.envoy.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /config
|
|
- name: {{ .Values.global.volumeStorageName }}
|
|
mountPath: /efs
|
|
{{- range $key, $value := .Values.envoy.secretMounts }}
|
|
- name: {{ $key }}
|
|
mountPath: {{ $value.mountPath }}
|
|
{{- end }}
|
|
- mountPath: "/certificate/{{ .Values.common.certificate.name }}"
|
|
subPath: {{ .Values.common.certificate.name }}
|
|
name: domain-certificate
|
|
lifecycle:
|
|
{{ toYaml .Values.envoy.lifecycle | nindent 12 }}
|
|
{{- with .Values.envoy.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.envoy.affinity }}
|
|
affinity:
|
|
{{ toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.envoy.tolerations }}
|
|
tolerations:
|
|
{{ toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: config
|
|
projected:
|
|
defaultMode: 420
|
|
sources:
|
|
- configMap:
|
|
name: {{ template "envoy.appName" . }}
|
|
- name: workdir
|
|
emptyDir: {}
|
|
- name: {{ .Values.global.volumeStorageName }}
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Release.Namespace }}-{{ .Values.global.claimName }}
|
|
{{- range $key, $value := .Values.envoy.secretMounts }}
|
|
- name: {{ $key }}
|
|
secret:
|
|
secretName: {{ $value.secretName }}
|
|
defaultMode: {{ $value.defaultMode }}
|
|
{{- end }}
|
|
- name: cert
|
|
emptyDir: {}
|
|
- name: domain-certificate
|
|
secret:
|
|
secretName: domain-certificate
|
|
items:
|
|
- key: {{ .Values.common.certificate.name }}
|
|
path: {{ .Values.common.certificate.name }}
|
|
{{- end }}
|