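{{- /*
Source: github.com/Azure/aad-pod-identity@v1.8.17/charts/aad-pod-identity/templates/mic-deployment.yaml

Deployment for the MIC component. It is rendered only when operationMode is
"standard".

The template has two credential paths, selected by .Values.adminsecret:
  - adminsecret unset: MIC gets --cloudconfig, the file at mic.cloudConfig is
    mounted read-only from the node via hostPath, and the container runs as
    UID 0.
  - adminsecret set: cloud settings and credentials are injected as
    environment variables from the Secret named after the MIC fullname.
*/ -}}
{{- if eq .Values.operationMode "standard" }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "aad-pod-identity.mic.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aad-pod-identity.labels" . | nindent 4 }}
    app.kubernetes.io/component: mic
  annotations:
    # Quoted so a description containing ': ' or ' #' stays a plain string.
    description: {{ .Chart.Description | quote }}
spec:
  replicas: {{ .Values.mic.replicas }}
  selector:
    matchLabels:
      {{- include "aad-pod-identity.selectors" . | nindent 6 }}
      app.kubernetes.io/component: mic
  template:
    metadata:
      labels:
        {{- include "aad-pod-identity.labels" . | nindent 8 }}
        app.kubernetes.io/component: mic
        {{- if .Values.mic.podLabels }}
        {{- toYaml .Values.mic.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        # Hash of the rendered mic-secret.yaml: a change to that template's
        # output changes the pod template, which triggers a rollout.
        checksum/config: {{ include (print $.Template.BasePath "/mic-secret.yaml") . | sha256sum }}
        {{- if .Values.mic.podAnnotations }}
        {{- toYaml .Values.mic.podAnnotations | nindent 8 }}
        {{- end }}
    spec:
      {{- if .Values.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
      {{- end }}
      # With rbac.enabled false no serviceAccountName is set, so the pod runs
      # under the namespace's default ServiceAccount.
      {{- if .Values.rbac.enabled }}
      serviceAccountName: {{ template "aad-pod-identity.mic.fullname" . }}
      {{- end }}
      {{- if .Values.mic.priorityClassName }}
      priorityClassName: {{ .Values.mic.priorityClassName | quote }}
      {{- end }}
      containers:
        - name: mic
          image: "{{ .Values.image.repository }}/{{ .Values.mic.image }}:{{ .Values.mic.tag }}"
          imagePullPolicy: {{ .Values.image.imagePullPolicy }}
          # Every templated argument is wrapped in double quotes so a value
          # containing ': ' or ' #' cannot alter the YAML structure. A value
          # that itself contains a double quote would still need escaping.
          args:
            {{- if not .Values.adminsecret }}
            - "--cloudconfig={{ .Values.mic.cloudConfig }}"
            {{- end }}
            - "--logtostderr"
            {{- if .Values.mic.loggingFormat }}
            - "--log-format={{ .Values.mic.loggingFormat }}"
            {{- end }}
            {{- if .Values.mic.logVerbosity }}
            - "-v={{ .Values.mic.logVerbosity }}"
            {{- end }}
            {{- if .Values.mic.leaderElection.instance }}
            - "--leader-election-instance={{ .Values.mic.leaderElection.instance }}"
            {{- end }}
            {{- if .Values.mic.leaderElection.namespace }}
            - "--leader-election-namespace={{ .Values.mic.leaderElection.namespace }}"
            {{- end }}
            {{- if .Values.mic.leaderElection.name }}
            - "--leader-election-name={{ .Values.mic.leaderElection.name }}"
            {{- end }}
            {{- if .Values.mic.leaderElection.duration }}
            - "--leader-election-duration={{ .Values.mic.leaderElection.duration }}"
            {{- end }}
            {{- if .Values.mic.probePort }}
            - "--http-probe-port={{ .Values.mic.probePort }}"
            {{- end }}
            {{- if .Values.mic.createDeleteBatch }}
            - "--createDeleteBatch={{ .Values.mic.createDeleteBatch }}"
            {{- end }}
            {{- if .Values.mic.clientQps }}
            - "--clientQps={{ .Values.mic.clientQps }}"
            {{- end }}
            {{- if .Values.mic.immutableUserMSIs }}
            - "--immutable-user-msis={{ join "," .Values.mic.immutableUserMSIs }}"
            {{- end }}
            {{- if .Values.mic.prometheusPort }}
            - "--prometheus-port={{ .Values.mic.prometheusPort }}"
            {{- end }}
            {{- if .Values.mic.syncRetryDuration }}
            - "--syncRetryDuration={{ .Values.mic.syncRetryDuration }}"
            {{- end }}
            {{- if .Values.mic.updateUserMSIMaxRetry }}
            - "--update-user-msi-max-retry={{ .Values.mic.updateUserMSIMaxRetry }}"
            {{- end }}
            {{- if .Values.mic.updateUserMSIRetryInterval }}
            - "--update-user-msi-retry-interval={{ .Values.mic.updateUserMSIRetryInterval }}"
            {{- end }}
            {{- if .Values.mic.identityAssignmentReconcileInterval }}
            - "--identity-assignment-reconcile-interval={{ .Values.mic.identityAssignmentReconcileInterval }}"
            {{- end }}
            {{- if .Values.customUserAgent }}
            - "--custom-user-agent={{ .Values.customUserAgent }}"
            {{- end }}
          securityContext:
            # UID 0 is requested only on the cloud-config path, presumably so
            # the process can read the node file mounted below - TODO confirm.
            # When adminsecret is set, runAsUser is left unset and the image's
            # default user applies.
            # NOTE(review): allowPrivilegeEscalation and capabilities are not
            # set here; consider "allowPrivilegeEscalation: false" and a
            # capabilities drop once MIC is confirmed to run without them.
            {{- if not .Values.adminsecret }}
            runAsUser: 0
            {{- end }}
            readOnlyRootFilesystem: true
          env:
            - name: MIC_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: FORCENAMESPACED
              value: "{{ .Values.forceNamespaced }}"
            {{- if .Values.adminsecret }}
            # Cloud settings and the service principal credentials come from
            # the Secret named after the MIC fullname. They land in the
            # process environment, so access to that Secret and to pods/exec
            # in this namespace should be limited by RBAC.
            - name: CLOUD
              valueFrom:
                secretKeyRef:
                  key: Cloud
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: SUBSCRIPTION_ID
              valueFrom:
                secretKeyRef:
                  key: SubscriptionID
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: RESOURCE_GROUP
              valueFrom:
                secretKeyRef:
                  key: ResourceGroup
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: VM_TYPE
              valueFrom:
                secretKeyRef:
                  key: VMType
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: TENANT_ID
              valueFrom:
                secretKeyRef:
                  key: TenantID
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: ClientID
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  key: ClientSecret
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            {{- if .Values.adminsecret.useMSI }}
            - name: USE_MSI
              valueFrom:
                secretKeyRef:
                  key: UseMSI
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            - name: USER_ASSIGNED_MSI_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  key: UserAssignedMSIClientID
                  name: {{ template "aad-pod-identity.mic.fullname" . }}
            {{- end }}
            {{- end }}
            {{- if .Values.mic.customCloud.enabled }}
            - name: AZURE_ENVIRONMENT_FILEPATH
              value: "{{ .Values.mic.customCloud.configPath }}"
            {{- end }}
          {{- if .Values.mic.prometheusPort }}
          ports:
            - containerPort: {{ .Values.mic.prometheusPort }}
              name: metrics
              protocol: TCP
          {{- end }}
          {{- if or (not .Values.adminsecret) .Values.mic.customCloud.enabled }}
          # Both host files are mounted read-only at the same path they have
          # on the node.
          volumeMounts:
            {{- if not .Values.adminsecret }}
            - name: k8s-azure-file
              mountPath: {{ .Values.mic.cloudConfig | quote }}
              readOnly: true
            {{- end }}
            {{- if .Values.mic.customCloud.enabled }}
            - name: custom-env-file
              mountPath: {{ .Values.mic.customCloud.configPath | quote }}
              readOnly: true
            {{- end }}
          {{- end }}
          livenessProbe:
            httpGet:
              path: /healthz
              # Falls back to 8080 when mic.probePort is not set.
              {{- if .Values.mic.probePort }}
              port: {{ .Values.mic.probePort }}
              {{- else }}
              port: 8080
              {{- end }}
            initialDelaySeconds: 10
            periodSeconds: 5
          {{- with .Values.mic.resources }}
          resources:
{{ toYaml . | indent 12 }}
          {{- end }}
      {{- if or (not .Values.adminsecret) .Values.mic.customCloud.enabled }}
      # hostPath volumes expose node files to this pod. The paths come straight
      # from chart values, so whoever controls those values chooses which node
      # path is mounted.
      # NOTE(review): no hostPath "type" is set, so Kubernetes performs no check
      # that the path exists or is a regular file; consider "type: File".
      # NOTE(review): the cloud config file presumably holds cluster
      # credentials - confirm, and treat this pod as having access to them.
      volumes:
        {{- if not .Values.adminsecret }}
        - name: k8s-azure-file
          hostPath:
            path: {{ .Values.mic.cloudConfig | quote }}
        {{- end }}
        {{- if .Values.mic.customCloud.enabled }}
        - name: custom-env-file
          hostPath:
            path: {{ .Values.mic.customCloud.configPath | quote }}
        {{- end }}
      {{- end }}
      {{- with .Values.mic.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.mic.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.mic.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.mic.topologySpreadConstraints }}
      topologySpreadConstraints:
{{ toYaml . | indent 8 }}
      {{- end }}
{{- end -}}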