github.com/oam-dev/cluster-gateway@v1.9.0/charts/cluster-gateway/templates/cluster-gateway-apiserver.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: gateway-deployment 5 namespace: {{ .Release.Namespace }} 6 labels: 7 app: gateway 8 spec: 9 replicas: {{ .Values.replicas }} 10 selector: 11 matchLabels: 12 app: gateway 13 template: 14 metadata: 15 labels: 16 app: gateway 17 spec: 18 serviceAccount: cluster-gateway 19 volumes: 20 - name: proxy-client 21 secret: 22 secretName: proxy-client 23 - name: proxy-server-ca 24 secret: 25 secretName: proxy-server-ca 26 containers: 27 - name: gateway 28 image: {{ .Values.image }}:{{ .Values.tag | default (print "v" .Chart.Version) }} 29 imagePullPolicy: IfNotPresent 30 args: 31 - --secure-port=9443 32 - --secret-namespace={{ .Values.secretNamespace }} 33 {{ if .Values.ocmIntegration.enabled }} 34 - --ocm-integration=true 35 {{ if .Values.ocmIntegration.clusterProxy.enabled }} 36 - --proxy-host={{ .Values.ocmIntegration.clusterProxy.endpoint.host }} 37 - --proxy-port={{ .Values.ocmIntegration.clusterProxy.endpoint.port }} 38 - --proxy-ca-cert=/etc/ca/ca.crt 39 - --proxy-cert=/etc/tls/tls.crt 40 - --proxy-key=/etc/tls/tls.key 41 {{ end }} 42 {{ end }} 43 - --feature-gates={{ if .Values.featureGate.healthiness }}HealthinessCheck=true,{{ end }}{{ if .Values.featureGate.secretCache }}SecretCache=true,{{ end }} 44 # TODO: certificate rotation, otherwise the self-signed will expire in 1 year 45 {{ if .Values.ocmIntegration.clusterProxy.enabled }} 46 volumeMounts: 47 - name: proxy-client 48 mountPath: "/etc/tls/" 49 readOnly: true 50 - name: proxy-server-ca 51 mountPath: "/etc/ca/" 52 readOnly: true 53 {{ end }} 54 ports: 55 - containerPort: 9443