github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/gateways/templates/deployment.yaml (about) 1 {{- range $key, $spec := .Values }} 2 {{- if and (ne $key "global") (ne $key "enabled") }} 3 {{- if $spec.enabled }} 4 apiVersion: extensions/v1beta1 5 kind: Deployment 6 metadata: 7 name: {{ $key }} 8 namespace: {{ $spec.namespace | default $.Release.Namespace }} 9 labels: 10 chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} 11 release: {{ $.Release.Name }} 12 heritage: {{ $.Release.Service }} 13 {{- range $key, $val := $spec.labels }} 14 {{ $key }}: {{ $val }} 15 {{- end }} 16 spec: 17 replicas: {{ $spec.replicaCount }} 18 template: 19 metadata: 20 labels: 21 {{- range $key, $val := $spec.labels }} 22 {{ $key }}: {{ $val }} 23 {{- end }} 24 annotations: 25 sidecar.istio.io/inject: "false" 26 scheduler.alpha.kubernetes.io/critical-pod: "" 27 spec: 28 serviceAccountName: {{ $key }}-service-account 29 {{- if $.Values.global.priorityClassName }} 30 priorityClassName: "{{ $.Values.global.priorityClassName }}" 31 {{- end }} 32 {{- if $.Values.global.proxy.enableCoreDump }} 33 initContainers: 34 - name: enable-core-dump 35 {{- if contains "/" $.Values.global.proxy_init.image }} 36 image: "{{ $.Values.global.proxy_init.image }}" 37 {{- else }} 38 image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy_init.image }}:{{ $.Values.global.tag }}" 39 {{- end }} 40 imagePullPolicy: IfNotPresent 41 command: 42 - /bin/sh 43 args: 44 - -c 45 - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited 46 securityContext: 47 privileged: true 48 {{- end }} 49 containers: 50 - name: istio-proxy 51 {{- if contains "/" $.Values.global.proxy.image }} 52 image: "{{ $.Values.global.proxy.image }}" 53 {{- else }} 54 image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}" 55 {{- end }} 56 imagePullPolicy: {{ $.Values.global.imagePullPolicy }} 57 ports: 58 {{- range $key, $val := $spec.ports }} 59 - containerPort: {{ $val.port }} 60 {{- end }} 61 {{ if ne $.Values.global.proxy.stats.prometheusPort 0. }} 62 - containerPort: {{ $.Values.global.proxy.stats.prometheusPort }} 63 protocol: TCP 64 name: http-envoy-prom 65 {{ end }} 66 args: 67 - proxy 68 - router 69 - -v 70 - "2" 71 - --discoveryRefreshDelay 72 - '1s' #discoveryRefreshDelay 73 - --drainDuration 74 - '45s' #drainDuration 75 - --parentShutdownDuration 76 - '1m0s' #parentShutdownDuration 77 - --connectTimeout 78 - '10s' #connectTimeout 79 - --serviceCluster 80 - {{ $key }} 81 - --zipkinAddress 82 {{- if $.Values.global.istioNamespace }} 83 - zipkin.{{ $.Values.global.istioNamespace }}:9411 84 {{- else }} 85 - zipkin:9411 86 {{- end }} 87 {{- if $.Values.global.proxy.envoyStatsd.enabled }} 88 - --statsdUdpAddress 89 - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }} 90 {{- end }} 91 - --proxyAdminPort 92 - "15000" 93 {{- if $.Values.global.controlPlaneSecurityEnabled }} 94 - --controlPlaneAuthPolicy 95 - MUTUAL_TLS 96 - --discoveryAddress 97 {{- if $.Values.global.istioNamespace }} 98 - istio-pilot.{{ $.Values.global.istioNamespace }}:15005 99 {{- else }} 100 - istio-pilot:15005 101 {{- end }} 102 {{- else }} 103 - --controlPlaneAuthPolicy 104 - NONE 105 - --discoveryAddress 106 {{- if $.Values.global.istioNamespace }} 107 - istio-pilot.{{ $.Values.global.istioNamespace }}:8080 108 {{- else }} 109 - istio-pilot:8080 110 {{- end }} 111 {{- end }} 112 resources: 113 {{- if $spec.resources }} 114 {{ toYaml $spec.resources | indent 12 }} 115 {{- else }} 116 {{ toYaml $.Values.global.defaultResources | indent 12 }} 117 {{- end }} 118 env: 119 - name: POD_NAME 120 valueFrom: 121 fieldRef: 122 apiVersion: v1 123 fieldPath: metadata.name 124 - name: POD_NAMESPACE 125 valueFrom: 126 fieldRef: 127 apiVersion: v1 128 fieldPath: metadata.namespace 129 - name: INSTANCE_IP 130 valueFrom: 131 fieldRef: 132 apiVersion: v1 133 fieldPath: status.podIP 134 - name: ISTIO_META_POD_NAME 135 valueFrom: 136 fieldRef: 137 fieldPath: metadata.name 138 volumeMounts: 139 - name: istio-certs 140 mountPath: /etc/certs 141 readOnly: true 142 {{- range $spec.secretVolumes }} 143 - name: {{ .name }} 144 mountPath: {{ .mountPath | quote }} 145 readOnly: true 146 {{- end }} 147 {{- if $spec.additionalContainers }} 148 {{ toYaml $spec.additionalContainers | indent 8 }} 149 {{- end }} 150 volumes: 151 - name: istio-certs 152 secret: 153 secretName: istio.{{ $key }}-service-account 154 optional: true 155 {{- range $spec.secretVolumes }} 156 - name: {{ .name }} 157 secret: 158 secretName: {{ .secretName | quote }} 159 optional: true 160 {{- end }} 161 {{- range $spec.configVolumes }} 162 - name: {{ .name }} 163 configMap: 164 name: {{ .configMapName | quote }} 165 optional: true 166 {{- end }} 167 affinity: 168 {{- include "nodeaffinity" $ | indent 6 }} 169 --- 170 {{- end }} 171 {{- end }} 172 {{- end }}