github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/security/templates/deployment.yaml (about)

     1  # istio CA watching all namespaces
        # Helm template for the istio-citadel Deployment, created in the release namespace.
        # Two modes, selected by the selfSigned value: a self-signed CA, or a CA whose
        # certificate and private key are mounted from the cacerts Secret.
        # NOTE(review): extensions/v1beta1 Deployments are no longer served from
        # Kubernetes 1.16; apps/v1 additionally requires spec.selector, which this
        # template does not set.
     2  apiVersion: extensions/v1beta1
     3  kind: Deployment
     4  metadata:
     5    name: istio-citadel
     6    namespace: {{ .Release.Namespace }}
     7    labels:
     8      app: {{ template "security.name" . }}
     9      chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    10      release: {{ .Release.Name }}
    11      heritage: {{ .Release.Service }}
    12      istio: citadel
    13  spec:
    14    replicas: {{ .Values.replicaCount }}
    15    template:
    16      metadata:
    17        labels:
    18          istio: citadel
    19        annotations:
                # Quoted so the value stays a string; opts this pod out of sidecar injection.
    20          sidecar.istio.io/inject: "false"
                # Alpha scheduler annotation. NOTE(review): deprecated in later Kubernetes
                # releases in favour of priorityClassName; confirm for the target cluster.
    21          scheduler.alpha.kubernetes.io/critical-pod: ""
    22      spec:
              # The RBAC bound to this service account is not visible in this file. The
              # header says the CA watches all namespaces, so review that binding for
              # least privilege, in particular its access to Secrets.
    23        serviceAccountName: istio-citadel-service-account
    24  {{- if .Values.global.priorityClassName }}
              # Rendered only when global.priorityClassName is set.
    25        priorityClassName: "{{ .Values.global.priorityClassName }}"
    26  {{- end }}
              # NOTE(review): neither the pod nor the container sets a securityContext, so
              # user and privilege settings fall back to image and cluster defaults.
              # Consider runAsNonRoot, allowPrivilegeEscalation: false and
              # readOnlyRootFilesystem if the image supports them.
    27        containers:
    28          - name: citadel
                  # Image reference is assembled from values and selected by tag. A tag can
                  # be re-pointed; pin by digest where supply-chain integrity matters.
    29            image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
    30            imagePullPolicy: {{ .Values.global.imagePullPolicy }}
                  # The CA mode flags depend on selfSigned:
                  #   true  -> --self-signed-ca=true
                  #   false -> --self-signed-ca=false plus signing cert, signing key, root
                  #            cert and cert chain paths under /etc/cacerts (the mount of
                  #            the cacerts Secret declared further down).
                  # --custom-dns-names takes serviceaccount.namespace:dns-name pairs for
                  # pilot and the ingress gateway; presumably these become extra DNS names
                  # in certificates issued to those accounts (confirm in Citadel's flag docs).
    31            args:
    32              - --append-dns-names=true
    33              - --grpc-port=8060
    34              - --grpc-hostname=citadel
    35              - --citadel-storage-namespace={{ .Release.Namespace }}
    36              - --custom-dns-names=istio-pilot-service-account.{{ .Release.Namespace }}:istio-pilot.{{ .Release.Namespace }},istio-ingressgateway-service-account.{{ .Release.Namespace }}:istio-ingressgateway.{{ .Release.Namespace }}
    37            {{- if .Values.selfSigned }}
    38              - --self-signed-ca=true
    39            {{- else }}
    40              - --self-signed-ca=false
    41              - --signing-cert=/etc/cacerts/ca-cert.pem
    42              - --signing-key=/etc/cacerts/ca-key.pem
    43              - --root-cert=/etc/cacerts/root-cert.pem
    44              - --cert-chain=/etc/cacerts/cert-chain.pem
    45            {{- end }}
                  # Chart-level resources win when set; otherwise global.defaultResources is
                  # used. toYaml output is indented 12 spaces so it nests under this key.
    46            resources:
    47  {{- if .Values.resources }}
    48  {{ toYaml .Values.resources | indent 12 }}
    49  {{- else }}
    50  {{ toYaml .Values.global.defaultResources | indent 12 }}
    51  {{- end }}
    52  {{- if not .Values.selfSigned }}
                  # Rendered only when selfSigned is false: the cacerts Secret is mounted
                  # read-only at the path the --signing-* and --root-cert flags point to.
    53            volumeMounts:
    54            - name: cacerts
    55              mountPath: /etc/cacerts
    56              readOnly: true
    57        volumes:
    58        - name: cacerts
    59          secret:
                 # This Secret carries the CA private key (ca-key.pem per the flags above),
                 # so read access to it should be tightly restricted.
    60           secretName: cacerts
                 # NOTE(review): optional: true lets the pod start even when the Secret is
                 # missing, leaving the configured key and cert paths absent. Confirm that
                 # Citadel fails closed in that case rather than running without a CA key.
    61           optional: true
    62  {{- end }}
              # Node affinity rules come from the "nodeaffinity" named template, which is
              # defined elsewhere in the chart and not visible here.
    63        affinity:
    64        {{- include "nodeaffinity" . | indent 6 }}