github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/gateways/templates/deployment.yaml

{{- range $key, $spec := .Values }}
{{- if and (ne $key "global") (ne $key "enabled") }}
{{- if $spec.enabled }}
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: {{ $key }}
  namespace: {{ $spec.namespace | default $.Release.Namespace }}
  labels:
    chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
    release: {{ $.Release.Name }}
    heritage: {{ $.Release.Service }}
    {{- range $key, $val := $spec.labels }}
    {{ $key }}: {{ $val }}
    {{- end }}
spec:
  replicas: {{ $spec.replicaCount }}
  template:
    metadata:
      labels:
        {{- range $key, $val := $spec.labels }}
        {{ $key }}: {{ $val }}
        {{- end }}
      annotations:
        sidecar.istio.io/inject: "false"
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      serviceAccountName: {{ $key }}-service-account
{{- if $.Values.global.priorityClassName }}
      priorityClassName: "{{ $.Values.global.priorityClassName }}"
{{- end }}
{{- if $.Values.global.proxy.enableCoreDump }}
      initContainers:
        - name: enable-core-dump
{{- if contains "/" $.Values.global.proxy_init.image }}
          image: "{{ $.Values.global.proxy_init.image }}"
{{- else }}
          image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy_init.image }}:{{ $.Values.global.tag }}"
{{- end }}
          imagePullPolicy: IfNotPresent
          command:
            - /bin/sh
          args:
            - -c
            - sysctl -w kernel.core_pattern=/var/lib/istio/core.proxy && ulimit -c unlimited
          securityContext:
            privileged: true
{{- end }}
      containers:
        - name: istio-proxy
{{- if contains "/" $.Values.global.proxy.image }}
          image: "{{ $.Values.global.proxy.image }}"
{{- else }}
          image: "{{ $.Values.global.hub }}/{{ $.Values.global.proxy.image }}:{{ $.Values.global.tag }}"
{{- end }}
          imagePullPolicy: {{ $.Values.global.imagePullPolicy }}
          ports:
            {{- range $key, $val := $spec.ports }}
            - containerPort: {{ $val.port }}
            {{- end }}
{{ if ne $.Values.global.proxy.stats.prometheusPort 0. }}
            - containerPort: {{ $.Values.global.proxy.stats.prometheusPort }}
              protocol: TCP
              name: http-envoy-prom
{{ end }}
          args:
          - proxy
          - router
          - -v
          - "2"
          - --discoveryRefreshDelay
          - '1s' #discoveryRefreshDelay
          - --drainDuration
          - '45s' #drainDuration
          - --parentShutdownDuration
          - '1m0s' #parentShutdownDuration
          - --connectTimeout
          - '10s' #connectTimeout
          - --serviceCluster
          - {{ $key }}
          - --zipkinAddress
        {{- if $.Values.global.istioNamespace }}
          - zipkin.{{ $.Values.global.istioNamespace }}:9411
        {{- else }}
          - zipkin:9411
        {{- end }}
        {{- if $.Values.global.proxy.envoyStatsd.enabled }}
          - --statsdUdpAddress
          - {{ $.Values.global.proxy.envoyStatsd.host }}:{{ $.Values.global.proxy.envoyStatsd.port }}
        {{- end }}
          - --proxyAdminPort
          - "15000"
        {{- if $.Values.global.controlPlaneSecurityEnabled }}
          - --controlPlaneAuthPolicy
          - MUTUAL_TLS
          - --discoveryAddress
          {{- if $.Values.global.istioNamespace }}
          - istio-pilot.{{ $.Values.global.istioNamespace }}:15005
          {{- else }}
          - istio-pilot:15005
          {{- end }}
        {{- else }}
          - --controlPlaneAuthPolicy
          - NONE
          - --discoveryAddress
          {{- if $.Values.global.istioNamespace }}
          - istio-pilot.{{ $.Values.global.istioNamespace }}:8080
          {{- else }}
          - istio-pilot:8080
          {{- end }}
        {{- end }}
          resources:
{{- if $spec.resources }}
{{ toYaml $spec.resources | indent 12 }}
{{- else }}
{{ toYaml $.Values.global.defaultResources | indent 12 }}
{{- end }}
          env:
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: INSTANCE_IP
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: status.podIP
          - name: ISTIO_META_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          volumeMounts:
          - name: istio-certs
            mountPath: /etc/certs
            readOnly: true
          {{- range $spec.secretVolumes }}
          - name: {{ .name }}
            mountPath: {{ .mountPath | quote }}
            readOnly: true
          {{- end }}
{{- if $spec.additionalContainers }}
{{ toYaml $spec.additionalContainers | indent 8 }}
{{- end }}
      volumes:
      - name: istio-certs
        secret:
          secretName: istio.{{ $key }}-service-account
          optional: true
      {{- range $spec.secretVolumes }}
      - name: {{ .name }}
        secret:
          secretName: {{ .secretName | quote }}
          optional: true
      {{- end }}
      {{- range $spec.configVolumes }}
      - name: {{ .name }}
        configMap:
          name: {{ .configMapName | quote }}
          optional: true
      {{- end }}
      affinity:
      {{- include "nodeaffinity" $ | indent 6 }}
---
{{- end }}
{{- end }}
{{- end }}