github.com/replicatedhq/ship@v0.55.0/integration/failing/init/concourse/expected/.ship/upstream/templates/web-deployment.yaml (about) 1 apiVersion: extensions/v1beta1 2 kind: Deployment 3 metadata: 4 name: {{ template "concourse.web.fullname" . }} 5 labels: 6 app: {{ template "concourse.web.fullname" . }} 7 chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 release: "{{ .Release.Name }}" 9 heritage: "{{ .Release.Service }}" 10 spec: 11 replicas: {{ .Values.web.replicas }} 12 template: 13 metadata: 14 labels: 15 app: {{ template "concourse.web.fullname" . }} 16 release: "{{ .Release.Name }}" 17 annotations: 18 {{ toYaml .Values.web.annotations | indent 8 }} 19 spec: 20 {{- with .Values.web.nodeSelector }} 21 nodeSelector: 22 {{ toYaml . | indent 8 }} 23 {{- end }} 24 serviceAccountName: {{ if .Values.rbac.create }}{{ template "concourse.web.fullname" . }}{{ else }}{{ .Values.rbac.webServiceAccountName }}{{ end }} 25 tolerations: 26 {{ toYaml .Values.web.tolerations | indent 8 }} 27 {{- if .Values.imagePullSecrets }} 28 imagePullSecrets: 29 {{- range .Values.imagePullSecrets }} 30 - name: {{ . }} 31 {{- end }} 32 {{- end }} 33 containers: 34 - name: {{ template "concourse.web.fullname" . }} 35 {{- if .Values.imageDigest }} 36 image: "{{ .Values.image }}@{{ .Values.imageDigest }}" 37 {{- else }} 38 image: "{{ .Values.image }}:{{ .Values.imageTag }}" 39 {{- end }} 40 imagePullPolicy: {{ .Values.imagePullPolicy | quote }} 41 args: 42 - "web" 43 {{- if and (.Values.concourse.web.awsSecretsManager.enabled) (.Values.concourse.web.awsSecretsManager.region) }} 44 - '--aws-secretsmanager-region={{ .Values.concourse.web.awsSecretsManager.region | quote }}' 45 {{- end }} 46 {{- if and (.Values.concourse.web.awsSsm.enabled) (.Values.concourse.web.awsSsm.region) }} 47 - '--aws-ssm-region={{ .Values.concourse.web.awsSsm.region | quote }}' 48 {{- end }} 49 env: 50 {{- if .Values.concourse.web.logLevel }} 51 - name: CONCOURSE_LOG_LEVEL 52 value: {{ .Values.concourse.web.logLevel | quote }} 53 {{- end }} 54 {{- if .Values.concourse.web.bindPort }} 55 - name: CONCOURSE_BIND_PORT 56 value: {{ .Values.concourse.web.bindPort | quote }} 57 {{- end }} 58 {{- if .Values.concourse.web.bindIp }} 59 - name: CONCOURSE_BIND_IP 60 value: {{ .Values.concourse.web.bindIp | quote }} 61 {{- end }} 62 {{- if .Values.concourse.web.localAuth.enabled }} 63 - name: CONCOURSE_ADD_LOCAL_USER 64 valueFrom: 65 secretKeyRef: 66 name: {{ template "concourse.concourse.fullname" . }} 67 key: local-users 68 {{- end }} 69 {{- if .Values.concourse.web.tls.enabled }} 70 - name: CONCOURSE_TLS_BIND_PORT 71 value: {{ .Values.concourse.web.tls.bindPort | default "443" | quote }} 72 - name: CONCOURSE_TLS_CERT 73 value: "{{ .Values.web.tlsSecretsPath }}/client.cert" 74 - name: CONCOURSE_TLS_KEY 75 value: "{{ .Values.web.tlsSecretsPath }}/client.key" 76 {{- end }} 77 {{- if .Values.concourse.web.tls.enabled }} 78 - name: CONCOURSE_EXTERNAL_URL 79 value: {{ required "Must specify HTTPS external URL when concourse.web.tls.enabled is true" .Values.concourse.web.externalUrl | quote }} 80 {{- else }} 81 {{- if .Values.concourse.web.externalUrl }} 82 - name: CONCOURSE_EXTERNAL_URL 83 value: 84 value: {{ .Values.concourse.web.externalUrl | quote }} 85 {{- end }} 86 {{- end }} 87 {{- if .Values.concourse.web.peerUrl }} 88 - name: CONCOURSE_PEER_URL 89 value: {{ .Values.concourse.web.peerUrl | quote }} 90 {{- else }} 91 - name: POD_IP 92 valueFrom: 93 fieldRef: 94 fieldPath: status.podIP 95 - name: CONCOURSE_PEER_URL 96 value: "http://$(POD_IP):$(CONCOURSE_BIND_PORT)" 97 {{- end }} 98 {{- if .Values.concourse.web.encryption.enabled }} 99 - name: CONCOURSE_ENCRYPTION_KEY 100 valueFrom: 101 secretKeyRef: 102 name: {{ template "concourse.concourse.fullname" . }} 103 key: encryption-key 104 - name: CONCOURSE_OLD_ENCRYPTION_KEY 105 valueFrom: 106 secretKeyRef: 107 name: {{ template "concourse.concourse.fullname" . }} 108 key: old-encryption-key 109 {{- end }} 110 {{- if .Values.concourse.web.debugBindIp }} 111 - name: CONCOURSE_DEBUG_BIND_IP 112 value: {{ .Values.concourse.web.debugBindIp | quote }} 113 {{- end }} 114 {{- if .Values.concourse.web.debugBindPort }} 115 - name: CONCOURSE_DEBUG_BIND_PORT 116 value: {{ .Values.concourse.web.debugBindPort | quote }} 117 {{- end }} 118 {{- if .Values.concourse.web.interceptIdleTimeout }} 119 - name: CONCOURSE_INTERCEPT_IDLE_TIMEOUT 120 value: {{ .Values.concourse.web.interceptIdleTimeout | quote }} 121 {{- end }} 122 {{- if .Values.concourse.web.globalResourceCheckTimeout }} 123 - name: CONCOURSE_GLOBAL_RESOURCE_CHECK_TIMEOUT 124 value: {{ .Values.concourse.web.globalResourceCheckTimeout | quote }} 125 {{- end }} 126 {{- if .Values.concourse.web.resourceCheckingInterval }} 127 - name: CONCOURSE_RESOURCE_CHECKING_INTERVAL 128 value: {{ .Values.concourse.web.resourceCheckingInterval | quote }} 129 {{- end }} 130 {{- if .Values.concourse.web.resourceTypeCheckingInterval }} 131 - name: CONCOURSE_RESOURCE_TYPE_CHECKING_INTERVAL 132 value: {{ .Values.concourse.web.resourceTypeCheckingInterval | quote }} 133 {{- end }} 134 {{- if .Values.concourse.web.containerPlacementStrategy }} 135 - name: CONCOURSE_CONTAINER_PLACEMENT_STRATEGY 136 value: {{ .Values.concourse.web.containerPlacementStrategy | quote }} 137 {{- end }} 138 {{- if .Values.concourse.web.baggageclaimResponseHeaderTimeout }} 139 - name: CONCOURSE_BAGGAGECLAIM_RESPONSE_HEADER_TIMEOUT 140 value: {{ .Values.concourse.web.baggageclaimResponseHeaderTimeout | quote }} 141 {{- end }} 142 {{- if .Values.concourse.web.cliArtifactsDir }} 143 - name: CONCOURSE_CLI_ARTIFACTS_DIR 144 value: {{ .Values.concourse.web.cliArtifactsDir | quote }} 145 {{- end }} 146 {{- if .Values.concourse.web.logDbQueries }} 147 - name: CONCOURSE_LOG_DB_QUERIES 148 value: {{ .Values.concourse.web.logDbQueries | quote }} 149 {{- end }} 150 {{- if .Values.concourse.web.buildTrackerInterval }} 151 - name: CONCOURSE_BUILD_TRACKER_INTERVAL 152 value: {{ .Values.concourse.web.buildTrackerInterval | quote }} 153 {{- end }} 154 {{- if .Values.concourse.web.defaultBuildLogsToRetain }} 155 - name: CONCOURSE_DEFAULT_BUILD_LOGS_TO_RETAIN 156 value: {{ .Values.concourse.web.defaultBuildLogsToRetain | quote }} 157 {{- end }} 158 {{- if .Values.concourse.web.maxBuildLogsToRetain }} 159 - name: CONCOURSE_MAX_BUILD_LOGS_TO_RETAIN 160 value: {{ .Values.concourse.web.maxBuildLogsToRetain | quote }} 161 {{- end }} 162 {{- if .Values.concourse.web.defaultTaskCpuLimit }} 163 - name: CONCOURSE_DEFAULT_TASK_CPU_LIMIT 164 value: {{ .Values.concourse.web.defaultTaskCpuLimit | quote }} 165 {{- end }} 166 {{- if .Values.concourse.web.defaultTaskMemoryLimit }} 167 - name: CONCOURSE_DEFAULT_TASK_MEMORY_LIMIT 168 value: {{ .Values.concourse.web.defaultTaskMemoryLimit | quote }} 169 {{- end }} 170 171 {{- if .Values.postgresql.enabled }} 172 - name: CONCOURSE_POSTGRES_HOST 173 value: {{ template "concourse.postgresql.fullname" . }} 174 - name: CONCOURSE_POSTGRES_USER 175 value: {{ .Values.postgresql.postgresUser | quote }} 176 - name: CONCOURSE_POSTGRES_PASSWORD 177 valueFrom: 178 secretKeyRef: 179 name: {{ template "concourse.postgresql.fullname" . }} 180 key: postgres-password 181 - name: CONCOURSE_POSTGRES_DATABASE 182 value: {{ .Values.postgresql.postgresDatabase | quote }} 183 {{- else }} 184 {{- if .Values.concourse.web.postgres.host }} 185 - name: CONCOURSE_POSTGRES_HOST 186 value: {{ .Values.concourse.web.postgres.host | quote }} 187 {{- end }} 188 {{- if .Values.concourse.web.postgres.port }} 189 - name: CONCOURSE_POSTGRES_PORT 190 value: {{ .Values.concourse.web.postgres.port | quote }} 191 {{- end }} 192 {{- if .Values.concourse.web.postgres.socket }} 193 - name: CONCOURSE_POSTGRES_SOCKET 194 value: {{ .Values.concourse.web.postgres.socket | quote }} 195 {{- end }} 196 - name: CONCOURSE_POSTGRES_USER 197 valueFrom: 198 secretKeyRef: 199 name: {{ template "concourse.concourse.fullname" . }} 200 key: postgresql-user 201 - name: CONCOURSE_POSTGRES_PASSWORD 202 valueFrom: 203 secretKeyRef: 204 name: {{ template "concourse.concourse.fullname" . }} 205 key: postgresql-password 206 {{- if .Values.concourse.web.postgres.sslmode }} 207 - name: CONCOURSE_POSTGRES_SSLMODE 208 value: {{ .Values.concourse.web.postgres.sslmode | quote }} 209 {{- end }} 210 {{- if .Values.secrets.postgresCaCert }} 211 - name: CONCOURSE_POSTGRES_CA_CERT 212 value: "{{ .Values.web.postgresqlSecretsPath }}/ca.cert" 213 {{- end }} 214 {{- if .Values.secrets.postgresClientCert }} 215 - name: CONCOURSE_POSTGRES_CLIENT_CERT 216 value: "{{ .Values.web.postgresqlSecretsPath }}/client.cert" 217 {{- end }} 218 {{- if .Values.secrets.postgresClientKey }} 219 - name: CONCOURSE_POSTGRES_CLIENT_KEY 220 value: "{{ .Values.web.postgresqlSecretsPath }}/client.key" 221 {{- end }} 222 {{- if .Values.concourse.web.postgres.connectTimeout }} 223 - name: CONCOURSE_POSTGRES_CONNECT_TIMEOUT 224 value: {{ .Values.concourse.web.postgres.connectTimeout | quote }} 225 {{- end }} 226 {{- if .Values.concourse.web.postgres.database }} 227 - name: CONCOURSE_POSTGRES_DATABASE 228 value: {{ .Values.concourse.web.postgres.database | quote }} 229 {{- end }} 230 {{- end }} 231 232 {{- if .Values.concourse.web.kubernetes.enabled }} 233 - name: CONCOURSE_KUBERNETES_IN_CLUSTER 234 value: "true" 235 - name: CONCOURSE_KUBERNETES_NAMESPACE_PREFIX 236 value: {{ template "concourse.namespacePrefix" . }} 237 {{- else}} 238 {{- if .Values.concourse.web.kubernetes.configPath }} 239 - name: CONCOURSE_KUBERNETES_CONFIG_PATH 240 value: {{ .Values.concourse.web.kubernetes.configPath | quote }} 241 {{- end }} 242 {{- if .Values.concourse.web.kubernetes.namespacePrefix }} 243 - name: CONCOURSE_KUBERNETES_NAMESPACE_PREFIX 244 value: {{ .Values.concourse.web.kubernetes.namespacePrefix | quote }} 245 {{- end }} 246 {{- end }} 247 248 {{- if .Values.concourse.web.awsSecretsManager.enabled }} 249 - name: CONCOURSE_AWS_SECRETSMANAGER_ACCESS_KEY 250 valueFrom: 251 secretKeyRef: 252 name: {{ template "concourse.concourse.fullname" . }} 253 key: aws-secretsmanager-access-key 254 - name: CONCOURSE_AWS_SECRETSMANAGER_SECRET_KEY 255 valueFrom: 256 secretKeyRef: 257 name: {{ template "concourse.concourse.fullname" . }} 258 key: aws-secretsmanager-secret-key 259 {{- if .Values.secrets.awsSecretsManagerSessionToken }} 260 - name: CONCOURSE_AWS_SECRETSMANAGER_SESSION_TOKEN 261 valueFrom: 262 secretKeyRef: 263 name: {{ template "concourse.concourse.fullname" . }} 264 key: aws-secretsmanager-session-token 265 {{- end }} 266 {{- if .Values.concourse.web.awsSecretsManager.pipelineSecretTemplate }} 267 - name: CONCOURSE_AWS_SECRETSMANAGER_PIPELINE_SECRET_TEMPLATE 268 value: {{ .Values.concourse.web.awsSecretsManager.pipelineSecretTemplate | quote }} 269 {{- end }} 270 {{- if .Values.concourse.web.awsSecretsManager.teamSecretTemplate }} 271 - name: CONCOURSE_AWS_SECRETSMANAGER_TEAM_SECRET_TEMPLATE 272 value: {{ .Values.concourse.web.awsSecretsManager.teamSecretTemplate | quote }} 273 {{- end }} 274 {{- end }} 275 276 {{- if .Values.concourse.web.awsSsm.enabled }} 277 - name: CONCOURSE_AWS_SSM_ACCESS_KEY 278 valueFrom: 279 secretKeyRef: 280 name: {{ template "concourse.concourse.fullname" . }} 281 key: aws-ssm-access-key 282 - name: CONCOURSE_AWS_SSM_SECRET_KEY 283 valueFrom: 284 secretKeyRef: 285 name: {{ template "concourse.concourse.fullname" . }} 286 key: aws-ssm-secret-key 287 {{- if .Values.secrets.awsSsmSessionToken }} 288 - name: CONCOURSE_AWS_SSM_SESSION_TOKEN 289 valueFrom: 290 secretKeyRef: 291 name: {{ template "concourse.concourse.fullname" . }} 292 key: aws-ssm-session-token 293 {{- end }} 294 {{- if .Values.concourse.web.awsSsm.pipelineSecretTemplate }} 295 - name: CONCOURSE_AWS_SSM_PIPELINE_SECRET_TEMPLATE 296 value: {{ .Values.concourse.web.awsSsm.pipelineSecretTemplate | quote }} 297 {{- end }} 298 {{- if .Values.concourse.web.awsSsm.teamSecretTemplate }} 299 - name: CONCOURSE_AWS_SSM_TEAM_SECRET_TEMPLATE 300 value: {{ .Values.concourse.web.awsSsm.teamSecretTemplate | quote }} 301 {{- end }} 302 {{- end }} 303 304 {{- if .Values.concourse.web.vault.enabled }} 305 - name: CONCOURSE_VAULT_URL 306 value: {{ .Values.concourse.web.vault.url | quote }} 307 - name: CONCOURSE_VAULT_PATH_PREFIX 308 value: {{ .Values.concourse.web.vault.pathPrefix | quote }} 309 - name: CONCOURSE_VAULT_AUTH_BACKEND 310 value: {{ .Values.concourse.web.vault.authBackend | quote }} 311 {{- if .Values.concourse.web.vault.useCaCert }} 312 - name: CONCOURSE_VAULT_CA_CERT 313 value: "{{ .Values.web.vaultSecretsPath }}/ca.cert" 314 {{- end }} 315 {{- if eq (default "" .Values.concourse.web.vault.authBackend) "token" }} 316 - name: CONCOURSE_VAULT_CLIENT_TOKEN 317 valueFrom: 318 secretKeyRef: 319 name: {{ template "concourse.concourse.fullname" . }} 320 key: vault-client-token 321 {{- end }} 322 {{- if eq (default "" .Values.concourse.web.vault.authBackend) "cert" }} 323 - name: CONCOURSE_VAULT_CLIENT_CERT 324 value: "{{ .Values.web.vaultSecretsPath }}/client.cert" 325 - name: CONCOURSE_VAULT_CLIENT_KEY 326 value: "{{ .Values.web.vaultSecretsPath }}/client.key" 327 {{- end }} 328 {{- if eq (default "" .Values.concourse.web.vault.authBackend) "approle" }} 329 - name: CONCOURSE_VAULT_AUTH_PARAM 330 valueFrom: 331 secretKeyRef: 332 name: {{ template "concourse.concourse.fullname" . }} 333 key: vault-client-auth-param 334 {{- end }} 335 {{- if .Values.concourse.web.vault.authBackendMaxTtl }} 336 - name: CONCOURSE_VAULT_AUTH_BACKEND_MAX_TTL 337 value: {{ .Values.concourse.web.vault.authBackendMaxTtl | quote }} 338 {{- end }} 339 {{- if .Values.concourse.web.vault.cache }} 340 - name: CONCOURSE_VAULT_CACHE 341 value: {{ .Values.concourse.web.vault.cache | quote }} 342 {{- end }} 343 {{- if .Values.concourse.web.vault.caPath }} 344 - name: CONCOURSE_VAULT_CA_PATH 345 value: {{ .Values.concourse.web.vault.caPath | quote }} 346 {{- end }} 347 {{- if .Values.concourse.web.vault.insecureSkipVerify }} 348 - name: CONCOURSE_VAULT_INSECURE_SKIP_VERIFY 349 value: {{ .Values.concourse.web.vault.insecureSkipVerify | quote }} 350 {{- end }} 351 {{- if .Values.concourse.web.vault.maxLease }} 352 - name: CONCOURSE_VAULT_MAX_LEASE 353 value: {{ .Values.concourse.web.vault.maxLease | quote }} 354 {{- end }} 355 {{- if .Values.concourse.web.vault.retryInitial }} 356 - name: CONCOURSE_VAULT_RETRY_INITIAL 357 value: {{ .Values.concourse.web.vault.retryInitial | quote }} 358 {{- end }} 359 {{- if .Values.concourse.web.vault.retryMax }} 360 - name: CONCOURSE_VAULT_RETRY_MAX 361 value: {{ .Values.concourse.web.vault.retryMax | quote }} 362 {{- end }} 363 {{- if .Values.concourse.web.vault.serverName }} 364 - name: CONCOURSE_VAULT_SERVER_NAME 365 value: {{ .Values.concourse.web.vault.serverName | quote }} 366 {{- end }} 367 {{- end }} 368 369 {{- if .Values.concourse.web.noop }} 370 - name: CONCOURSE_NOOP 371 value: {{ .Values.concourse.web.noop | quote }} 372 {{- end }} 373 374 {{- if .Values.concourse.web.staticWorker.enabled }} 375 {{- if .Values.concourse.web.staticWorker.gardenUrl }} 376 - name: CONCOURSE_WORKER_GARDEN_URL 377 value: {{ .Values.concourse.web.staticWorker.gardenUrl | quote }} 378 {{- end }} 379 {{- if .Values.concourse.web.staticWorker.baggageclaimUrl }} 380 - name: CONCOURSE_WORKER_BAGGAGECLAIM_URL 381 value: {{ .Values.concourse.web.staticWorker.baggageclaimUrl | quote }} 382 {{- end }} 383 {{- if .Values.concourse.web.staticWorker.resource }} 384 - name: CONCOURSE_WORKER_RESOURCE 385 value: {{ .Values.concourse.web.staticWorker.resource | quote }} 386 {{- end }} 387 {{- end }} 388 389 {{- if .Values.concourse.web.metrics.hostName }} 390 - name: CONCOURSE_METRICS_HOST_NAME 391 value: {{ .Values.concourse.web.metrics.hostName | quote }} 392 {{- end }} 393 {{- if .Values.concourse.web.metrics.attribute }} 394 - name: CONCOURSE_METRICS_ATTRIBUTE 395 value: {{ .Values.concourse.web.metrics.attribute | quote }} 396 {{- end }} 397 398 {{- if .Values.concourse.web.datadog.enabled }} 399 - name: CONCOURSE_DATADOG_AGENT_HOST 400 {{- if .Values.concourse.web.datadog.agentHostUseHostIP }} 401 valueFrom: 402 fieldRef: 403 fieldPath: status.hostIP 404 {{- else }} 405 value: {{ .Values.concourse.web.datadog.agentHost | quote }} 406 {{- end }} 407 - name: CONCOURSE_DATADOG_AGENT_PORT 408 value: {{ .Values.concourse.web.datadog.agentPort | quote }} 409 {{- if .Values.concourse.web.datadog.prefix }} 410 - name: CONCOURSE_DATADOG_PREFIX 411 value: {{ .Values.concourse.web.datadog.prefix | quote }} 412 {{- end }} 413 {{- end }} 414 415 {{- if .Values.concourse.web.influxdb.enabled }} 416 - name: CONCOURSE_INFLUXDB_URL 417 value: {{ .Values.concourse.web.influxdb.url | quote }} 418 - name: CONCOURSE_INFLUXDB_DATABASE 419 value: {{ .Values.concourse.web.influxdb.database | quote }} 420 - name: CONCOURSE_INFLUXDB_USERNAME 421 value: {{ .Values.concourse.web.influxdb.username | quote }} 422 - name: CONCOURSE_INFLUXDB_PASSWORD 423 valueFrom: 424 secretKeyRef: 425 name: {{ template "concourse.concourse.fullname" . }} 426 key: influxdb-password 427 - name: CONCOURSE_INFLUXDB_INSECURE_SKIP_VERIFY 428 value: {{ .Values.concourse.web.influxdb.insecureSkipVerify | quote}} 429 {{- end }} 430 431 {{- if .Values.concourse.web.emitToLogs }} 432 - name: CONCOURSE_EMIT_TO_LOGS 433 value: {{ .Values.concourse.web.emitToLogs | quote }} 434 {{- end }} 435 436 {{- if .Values.concourse.web.newrelic.enabled }} 437 {{- if .Values.concourse.web.newrelic.accountId }} 438 - name: CONCOURSE_NEWRELIC_ACCOUNT_ID 439 value: {{ .Values.concourse.web.newrelic.accountId | quote }} 440 {{- end }} 441 {{- if .Values.concourse.web.newrelic.apiKey }} 442 - name: CONCOURSE_NEWRELIC_API_KEY 443 value: {{ .Values.concourse.web.newrelic.apiKey | quote }} 444 {{- end }} 445 {{- if .Values.concourse.web.newrelic.servicePrefix }} 446 - name: CONCOURSE_NEWRELIC_SERVICE_PREFIX 447 value: {{ .Values.concourse.web.newrelic.servicePrefix | quote }} 448 {{- end }} 449 {{- end }} 450 451 {{- if .Values.concourse.web.prometheus.enabled }} 452 - name: CONCOURSE_PROMETHEUS_BIND_IP 453 value: {{ .Values.concourse.web.prometheus.bindIp | quote }} 454 - name: CONCOURSE_PROMETHEUS_BIND_PORT 455 value: {{ .Values.concourse.web.prometheus.bindPort | quote }} 456 {{- end }} 457 458 {{- if .Values.concourse.web.riemann.enabled }} 459 {{- if .Values.concourse.web.riemann.host }} 460 - name: CONCOURSE_RIEMANN_HOST 461 value: {{ .Values.concourse.web.riemann.host | quote }} 462 {{- end }} 463 {{- if .Values.concourse.web.riemann.port }} 464 - name: CONCOURSE_RIEMANN_PORT 465 value: {{ .Values.concourse.web.riemann.port | quote }} 466 {{- end }} 467 {{- if .Values.concourse.web.riemann.servicePrefix }} 468 - name: CONCOURSE_RIEMANN_SERVICE_PREFIX 469 value: {{ .Values.concourse.web.riemann.servicePrefix | quote }} 470 {{- end }} 471 {{- if .Values.concourse.web.riemann.tag }} 472 - name: CONCOURSE_RIEMANN_TAG 473 value: {{ .Values.concourse.web.riemann.tag | quote }} 474 {{- end }} 475 {{- end }} 476 477 {{- if .Values.concourse.web.xFrameOptions }} 478 - name: CONCOURSE_X_FRAME_OPTIONS 479 value: {{ .Values.concourse.web.xFrameOptions | quote }} 480 {{- end }} 481 482 {{- if .Values.concourse.web.gc.overrideDefaults }} 483 {{- if .Values.concourse.web.gc.interval }} 484 - name: CONCOURSE_GC_INTERVAL 485 value: {{ .Values.concourse.web.gc.interval | quote }} 486 {{- end }} 487 {{- if .Values.concourse.web.gc.oneOffGracePeriod }} 488 - name: CONCOURSE_GC_ONE_OFF_GRACE_PERIOD 489 value: {{ .Values.concourse.web.gc.oneOffGracePeriod | quote }} 490 {{- end }} 491 {{- end }} 492 493 {{- if .Values.concourse.web.syslog.enabled }} 494 {{- if .Values.concourse.web.syslog.hostname }} 495 - name: CONCOURSE_SYSLOG_HOSTNAME 496 value: {{ .Values.concourse.web.syslog.hostname | quote }} 497 {{- end }} 498 {{- if .Values.concourse.web.syslog.address }} 499 - name: CONCOURSE_SYSLOG_ADDRESS 500 value: {{ .Values.concourse.web.syslog.address | quote }} 501 {{- end }} 502 {{- if .Values.concourse.web.syslog.transport }} 503 - name: CONCOURSE_SYSLOG_TRANSPORT 504 value: {{ .Values.concourse.web.syslog.transport | quote }} 505 {{- end }} 506 {{- if .Values.concourse.web.syslog.drainInterval }} 507 - name: CONCOURSE_SYSLOG_DRAIN_INTERVAL 508 value: {{ .Values.concourse.web.syslog.drainInterval | quote }} 509 {{- end }} 510 {{- if .Values.concourse.web.syslog.useCaCert }} 511 - name: CONCOURSE_SYSLOG_CA_CERT 512 value: "{{ .Values.web.syslogSecretsPath }}/ca.cert" 513 {{- end }} 514 {{- end }} 515 516 {{- if .Values.concourse.web.auth.cookieSecure }} 517 - name: CONCOURSE_COOKIE_SECURE 518 value: {{ .Values.concourse.web.auth.cookieSecure | quote }} 519 {{- end }} 520 {{- if .Values.concourse.web.auth.duration }} 521 - name: CONCOURSE_AUTH_DURATION 522 value: {{ .Values.concourse.web.auth.duration | quote }} 523 {{- end }} 524 - name: CONCOURSE_SESSION_SIGNING_KEY 525 value: "{{ .Values.web.keySecretsPath }}/session_signing_key" 526 527 {{- if .Values.concourse.web.auth.mainTeam.localUser }} 528 - name: CONCOURSE_MAIN_TEAM_LOCAL_USER 529 value: {{ .Values.concourse.web.auth.mainTeam.localUser | quote }} 530 {{- end }} 531 {{- if .Values.concourse.web.auth.mainTeam.allowAllUsers }} 532 - name: CONCOURSE_MAIN_TEAM_ALLOW_ALL_USERS 533 value: {{ .Values.concourse.web.auth.mainTeam.allowAllUsers | quote }} 534 {{- end }} 535 536 {{- if .Values.concourse.web.auth.mainTeam.cf.org }} 537 - name: CONCOURSE_MAIN_TEAM_CF_ORG 538 value: {{ .Values.concourse.web.auth.mainTeam.cf.org | quote }} 539 {{- end }} 540 {{- if .Values.concourse.web.auth.mainTeam.cf.space }} 541 - name: CONCOURSE_MAIN_TEAM_CF_SPACE 542 value: {{ .Values.concourse.web.auth.mainTeam.cf.space | quote }} 543 {{- end }} 544 {{- if .Values.concourse.web.auth.mainTeam.cf.spaceGuid }} 545 - name: CONCOURSE_MAIN_TEAM_CF_SPACE_GUID 546 value: {{ .Values.concourse.web.auth.mainTeam.cf.spaceGuid | quote }} 547 {{- end }} 548 {{- if .Values.concourse.web.auth.mainTeam.cf.user }} 549 - name: CONCOURSE_MAIN_TEAM_CF_USER 550 value: {{ .Values.concourse.web.auth.mainTeam.cf.user | quote }} 551 {{- end }} 552 553 {{- if .Values.concourse.web.auth.mainTeam.github.user }} 554 - name: CONCOURSE_MAIN_TEAM_GITHUB_USER 555 value: {{ .Values.concourse.web.auth.mainTeam.github.user | quote }} 556 {{- end }} 557 {{- if .Values.concourse.web.auth.mainTeam.github.org }} 558 - name: CONCOURSE_MAIN_TEAM_GITHUB_ORG 559 value: {{ .Values.concourse.web.auth.mainTeam.github.org | quote }} 560 {{- end }} 561 {{- if .Values.concourse.web.auth.mainTeam.github.team }} 562 - name: CONCOURSE_MAIN_TEAM_GITHUB_TEAM 563 value: {{ .Values.concourse.web.auth.mainTeam.github.team | quote }} 564 {{- end }} 565 566 {{- if .Values.concourse.web.auth.mainTeam.gitlab.user }} 567 - name: CONCOURSE_MAIN_TEAM_GITLAB_USER 568 value: {{ .Values.concourse.web.auth.mainTeam.gitlab.user | quote }} 569 {{- end }} 570 {{- if .Values.concourse.web.auth.mainTeam.gitlab.group }} 571 - name: CONCOURSE_MAIN_TEAM_GITLAB_GROUP 572 value: {{ .Values.concourse.web.auth.mainTeam.gitlab.group | quote }} 573 {{- end }} 574 575 {{- if .Values.concourse.web.auth.mainTeam.ldap.user }} 576 - name: CONCOURSE_MAIN_TEAM_LDAP_USER 577 value: {{ .Values.concourse.web.auth.mainTeam.ldap.user | quote }} 578 {{- end }} 579 {{- if .Values.concourse.web.auth.mainTeam.ldap.group }} 580 - name: CONCOURSE_MAIN_TEAM_LDAP_GROUP 581 value: {{ .Values.concourse.web.auth.mainTeam.ldap.group | quote }} 582 {{- end }} 583 584 {{- if .Values.concourse.web.auth.mainTeam.oauth.user }} 585 - name: CONCOURSE_MAIN_TEAM_OAUTH_USER 586 value: {{ .Values.concourse.web.auth.mainTeam.oauth.user | quote }} 587 {{- end }} 588 {{- if .Values.concourse.web.auth.mainTeam.oauth.group }} 589 - name: CONCOURSE_MAIN_TEAM_OAUTH_GROUP 590 value: {{ .Values.concourse.web.auth.mainTeam.oauth.group | quote }} 591 {{- end }} 592 593 {{- if .Values.concourse.web.auth.mainTeam.oidc.group }} 594 - name: CONCOURSE_MAIN_TEAM_OIDC_GROUP 595 value: {{ .Values.concourse.web.auth.mainTeam.oidc.group | quote }} 596 {{- end }} 597 {{- if .Values.concourse.web.auth.mainTeam.oidc.user }} 598 - name: CONCOURSE_MAIN_TEAM_OIDC_USER 599 value: {{ .Values.concourse.web.auth.mainTeam.oidc.user | quote }} 600 {{- end }} 601 602 {{- if .Values.concourse.web.auth.cf.enabled }} 603 - name: CONCOURSE_CF_CLIENT_ID 604 valueFrom: 605 secretKeyRef: 606 name: {{ template "concourse.concourse.fullname" . }} 607 key: cf-client-id 608 - name: CONCOURSE_CF_CLIENT_SECRET 609 valueFrom: 610 secretKeyRef: 611 name: {{ template "concourse.concourse.fullname" . }} 612 key: cf-client-secret 613 {{- if .Values.concourse.web.auth.cf.apiUrl }} 614 - name: CONCOURSE_CF_API_URL 615 value: {{ .Values.concourse.web.auth.cf.apiUrl | quote }} 616 {{- end }} 617 {{- if .Values.concourse.web.auth.cf.useCaCert }} 618 - name: CONCOURSE_CF_CA_CERT 619 value: "{{ .Values.web.authSecretsPath }}/cf_ca.cert" 620 {{- end }} 621 {{- if .Values.concourse.web.auth.cf.skipSslValidation }} 622 - name: CONCOURSE_CF_SKIP_SSL_VALIDATION 623 value: {{ .Values.concourse.web.auth.cf.skipSslValidation | quote }} 624 {{- end }} 625 {{- end }} 626 627 {{- if .Values.concourse.web.auth.github.enabled }} 628 - name: CONCOURSE_GITHUB_CLIENT_ID 629 valueFrom: 630 secretKeyRef: 631 name: {{ template "concourse.concourse.fullname" . }} 632 key: github-client-id 633 - name: CONCOURSE_GITHUB_CLIENT_SECRET 634 valueFrom: 635 secretKeyRef: 636 name: {{ template "concourse.concourse.fullname" . }} 637 key: github-client-secret 638 {{- if .Values.concourse.web.auth.github.host }} 639 - name: CONCOURSE_GITHUB_HOST 640 value: {{ .Values.concourse.web.auth.github.host | quote }} 641 {{- end }} 642 {{- if .Values.concourse.web.auth.github.useCaCert }} 643 - name: CONCOURSE_GITHUB_CA_CERT 644 value: "{{ .Values.web.authSecretsPath }}/github_ca.cert" 645 {{- end }} 646 {{- end }} 647 648 {{- if .Values.concourse.web.auth.gitlab.enabled }} 649 - name: CONCOURSE_GITLAB_CLIENT_ID 650 valueFrom: 651 secretKeyRef: 652 name: {{ template "concourse.concourse.fullname" . }} 653 key: gitlab-client-id 654 - name: CONCOURSE_GITLAB_CLIENT_SECRET 655 valueFrom: 656 secretKeyRef: 657 name: {{ template "concourse.concourse.fullname" . }} 658 key: gitlab-client-secret 659 {{- if .Values.concourse.web.auth.gitlab.host }} 660 - name: CONCOURSE_GITLAB_HOST 661 value: {{ .Values.concourse.web.auth.gitlab.host | quote }} 662 {{- end }} 663 {{- end }} 664 665 {{- if .Values.concourse.web.auth.ldap.enabled }} 666 {{- if .Values.concourse.web.auth.ldap.bindDn }} 667 - name: CONCOURSE_LDAP_BIND_DN 668 value: {{ .Values.concourse.web.auth.ldap.bindDn | quote }} 669 {{- end }} 670 {{- if .Values.concourse.web.auth.ldap.bindPw }} 671 - name: CONCOURSE_LDAP_BIND_PW 672 value: {{ .Values.concourse.web.auth.ldap.bindPw | quote }} 673 {{- end }} 674 {{- if .Values.concourse.web.auth.ldap.useCaCert }} 675 - name: CONCOURSE_LDAP_CA_CERT 676 value: "{{ .Values.web.authSecretsPath }}/ldap_ca.cert" 677 {{- end }} 678 {{- if .Values.concourse.web.auth.ldap.displayName }} 679 - name: CONCOURSE_LDAP_DISPLAY_NAME 680 value: {{ .Values.concourse.web.auth.ldap.displayName | quote }} 681 {{- end }} 682 {{- if .Values.concourse.web.auth.ldap.groupSearchBaseDn }} 683 - name: CONCOURSE_LDAP_GROUP_SEARCH_BASE_DN 684 value: {{ .Values.concourse.web.auth.ldap.groupSearchBaseDn | quote }} 685 {{- end }} 686 {{- if .Values.concourse.web.auth.ldap.groupSearchFilter }} 687 - name: CONCOURSE_LDAP_GROUP_SEARCH_FILTER 688 value: {{ .Values.concourse.web.auth.ldap.groupSearchFilter | quote }} 689 {{- end }} 690 {{- if .Values.concourse.web.auth.ldap.groupSearchGroupAttr }} 691 - name: CONCOURSE_LDAP_GROUP_SEARCH_GROUP_ATTR 692 value: {{ .Values.concourse.web.auth.ldap.groupSearchGroupAttr | quote }} 693 {{- end }} 694 {{- if .Values.concourse.web.auth.ldap.groupSearchNameAttr }} 695 - name: CONCOURSE_LDAP_GROUP_SEARCH_NAME_ATTR 696 value: {{ .Values.concourse.web.auth.ldap.groupSearchNameAttr | quote }} 697 {{- end }} 698 {{- if .Values.concourse.web.auth.ldap.groupSearchScope }} 699 - name: CONCOURSE_LDAP_GROUP_SEARCH_SCOPE 700 value: {{ .Values.concourse.web.auth.ldap.groupSearchScope | quote }} 701 {{- end }} 702 {{- if .Values.concourse.web.auth.ldap.groupSearchUserAttr }} 703 - name: CONCOURSE_LDAP_GROUP_SEARCH_USER_ATTR 704 value: {{ .Values.concourse.web.auth.ldap.groupSearchUserAttr | quote }} 705 {{- end }} 706 {{- if .Values.concourse.web.auth.ldap.host }} 707 - name: CONCOURSE_LDAP_HOST 708 value: {{ .Values.concourse.web.auth.ldap.host | quote }} 709 {{- end }} 710 {{- if .Values.concourse.web.auth.ldap.insecureNoSsl }} 711 - name: CONCOURSE_LDAP_INSECURE_NO_SSL 712 value: {{ .Values.concourse.web.auth.ldap.insecureNoSsl | quote }} 713 {{- end }} 714 {{- if .Values.concourse.web.auth.ldap.insecureSkipVerify }} 715 - name: CONCOURSE_LDAP_INSECURE_SKIP_VERIFY 716 value: {{ .Values.concourse.web.auth.ldap.insecureSkipVerify | quote }} 717 {{- end }} 718 {{- if .Values.concourse.web.auth.ldap.startTls }} 719 - name: CONCOURSE_LDAP_START_TLS 720 value: {{ .Values.concourse.web.auth.ldap.startTls | quote }} 721 {{- end }} 722 {{- if .Values.concourse.web.auth.ldap.userSearchBaseDn }} 723 - name: CONCOURSE_LDAP_USER_SEARCH_BASE_DN 724 value: {{ .Values.concourse.web.auth.ldap.userSearchBaseDn | quote }} 725 {{- end }} 726 {{- if .Values.concourse.web.auth.ldap.userSearchEmailAttr }} 727 - name: CONCOURSE_LDAP_USER_SEARCH_EMAIL_ATTR 728 value: {{ .Values.concourse.web.auth.ldap.userSearchEmailAttr | quote }} 729 {{- end }} 730 {{- if .Values.concourse.web.auth.ldap.userSearchFilter }} 731 - name: CONCOURSE_LDAP_USER_SEARCH_FILTER 732 value: {{ .Values.concourse.web.auth.ldap.userSearchFilter | quote }} 733 {{- end }} 734 {{- if .Values.concourse.web.auth.ldap.userSearchIdAttr }} 735 - name: CONCOURSE_LDAP_USER_SEARCH_ID_ATTR 736 value: {{ .Values.concourse.web.auth.ldap.userSearchIdAttr | quote }} 737 {{- end }} 738 {{- if .Values.concourse.web.auth.ldap.userSearchNameAttr }} 739 - name: CONCOURSE_LDAP_USER_SEARCH_NAME_ATTR 740 value: {{ .Values.concourse.web.auth.ldap.userSearchNameAttr | quote }} 741 {{- end }} 742 {{- if .Values.concourse.web.auth.ldap.userSearchScope }} 743 - name: CONCOURSE_LDAP_USER_SEARCH_SCOPE 744 value: {{ .Values.concourse.web.auth.ldap.userSearchScope | quote }} 745 {{- end }} 746 {{- if .Values.concourse.web.auth.ldap.userSearchUsername }} 747 - name: CONCOURSE_LDAP_USER_SEARCH_USERNAME 748 value: {{ .Values.concourse.web.auth.ldap.userSearchUsername | quote }} 749 {{- end }} 750 {{- end }} 751 752 {{- if .Values.concourse.web.auth.oauth.enabled }} 753 {{- if .Values.concourse.web.auth.oauth.displayName }} 754 - name: CONCOURSE_OAUTH_DISPLAY_NAME 755 value: {{ .Values.concourse.web.auth.oauth.displayName | quote }} 756 {{- end }} 757 - name: CONCOURSE_OAUTH_CLIENT_ID 758 valueFrom: 759 secretKeyRef: 760 name: {{ template "concourse.concourse.fullname" . }} 761 key: oauth-client-id 762 - name: CONCOURSE_OAUTH_CLIENT_SECRET 763 valueFrom: 764 secretKeyRef: 765 name: {{ template "concourse.concourse.fullname" . }} 766 key: oauth-client-secret 767 {{- if .Values.concourse.web.auth.oauth.authUrl }} 768 - name: CONCOURSE_OAUTH_AUTH_URL 769 value: {{ .Values.concourse.web.auth.oauth.authUrl | quote }} 770 {{- end }} 771 {{- if .Values.concourse.web.auth.oauth.tokenUrl }} 772 - name: CONCOURSE_OAUTH_TOKEN_URL 773 value: {{ .Values.concourse.web.auth.oauth.tokenUrl | quote }} 774 {{- end }} 775 {{- if .Values.concourse.web.auth.oauth.userinfoUrl }} 776 - name: CONCOURSE_OAUTH_USERINFO_URL 777 value: {{ .Values.concourse.web.auth.oauth.userinfoUrl | quote }} 778 {{- end }} 779 {{- if .Values.concourse.web.auth.oauth.scope }} 780 - name: CONCOURSE_OAUTH_SCOPE 781 value: {{ .Values.concourse.web.auth.oauth.scope | quote }} 782 {{- end }} 783 {{- if .Values.concourse.web.auth.oauth.groupsKey }} 784 - name: CONCOURSE_OAUTH_GROUPS_KEY 785 value: {{ .Values.concourse.web.auth.oauth.groupsKey | quote }} 786 {{- end }} 787 {{- if .Values.concourse.web.auth.oauth.useCaCert }} 788 - name: CONCOURSE_OAUTH_CA_CERT 789 value: "{{ .Values.web.authSecretsPath }}/oauth_ca.cert" 790 {{- end }} 791 {{- if .Values.concourse.web.auth.oauth.skipSslValidation }} 792 - name: CONCOURSE_OAUTH_SKIP_SSL_VALIDATION 793 value: {{ .Values.concourse.web.auth.oauth.skipSslValidation | quote }} 794 {{- end }} 795 {{- end }} 796 797 {{- if .Values.concourse.web.auth.oidc.enabled }} 798 {{- if .Values.concourse.web.auth.oidc.displayName }} 799 - name: CONCOURSE_OIDC_DISPLAY_NAME 800 value: {{ .Values.concourse.web.auth.oidc.displayName | quote }} 801 {{- end }} 802 {{- if .Values.concourse.web.auth.oidc.issuer }} 803 - name: CONCOURSE_OIDC_ISSUER 804 value: {{ .Values.concourse.web.auth.oidc.issuer | quote }} 805 {{- end }} 806 - name: CONCOURSE_OIDC_CLIENT_ID 807 valueFrom: 808 secretKeyRef: 809 name: {{ template "concourse.concourse.fullname" . }} 810 key: oidc-client-id 811 - name: CONCOURSE_OIDC_CLIENT_SECRET 812 valueFrom: 813 secretKeyRef: 814 name: {{ template "concourse.concourse.fullname" . }} 815 key: oidc-client-secret 816 {{- if .Values.concourse.web.auth.oidc.scope }} 817 - name: CONCOURSE_OIDC_SCOPE 818 value: {{ .Values.concourse.web.auth.oidc.scope | quote }} 819 {{- end }} 820 {{- if .Values.concourse.web.auth.oidc.groupsKey }} 821 - name: CONCOURSE_OIDC_GROUPS_KEY 822 value: {{ .Values.concourse.web.auth.oidc.groupsKey | quote}} 823 {{- end }} 824 {{- if .Values.concourse.web.auth.oidc.hostedDomains }} 825 - name: CONCOURSE_OIDC_HOSTED_DOMAINS 826 value: {{ .Values.concourse.web.auth.oidc.hostedDomains | quote }} 827 {{- end }} 828 {{- if .Values.concourse.web.auth.oidc.useCaCert }} 829 - name: CONCOURSE_OIDC_CA_CERT 830 value: "{{ .Values.web.authSecretsPath }}/oidc_ca.cert" 831 {{- end }} 832 {{- if .Values.concourse.web.auth.oidc.skipSslValidation }} 833 - name: CONCOURSE_OIDC_SKIP_SSL_VALIDATION 834 value: {{ .Values.concourse.web.auth.oidc.skipSslValidation | quote }} 835 {{- end }} 836 {{- end }} 837 838 {{- if .Values.concourse.web.tsa.logLevel }} 839 - name: CONCOURSE_TSA_LOG_LEVEL 840 value: {{ .Values.concourse.web.tsa.logLevel | quote }} 841 {{- end }} 842 {{- if .Values.concourse.web.tsa.bindIp }} 843 - name: CONCOURSE_TSA_BIND_IP 844 value: {{ .Values.concourse.web.tsa.bindIp | quote }} 845 {{- end }} 846 - name: CONCOURSE_TSA_BIND_PORT 847 value: {{ .Values.concourse.web.tsa.bindPort | quote }} 848 {{- if .Values.concourse.web.tsa.bindDebugPort }} 849 - name: CONCOURSE_TSA_BIND_DEBUG_PORT 850 value: {{ .Values.concourse.web.tsa.bindDebugPort | quote }} 851 {{- end }} 852 {{- if .Values.concourse.web.tsa.peerIp }} 853 - name: CONCOURSE_TSA_PEER_IP 854 value: {{ .Values.concourse.web.tsa.peerIp | quote }} 855 {{- end }} 856 - name: CONCOURSE_TSA_HOST_KEY 857 value: "{{ .Values.web.keySecretsPath }}/host_key" 858 - name: CONCOURSE_TSA_AUTHORIZED_KEYS 859 value: "{{ .Values.web.keySecretsPath }}/worker_key.pub" 860 {{- if .Values.concourse.web.tsa.teamAuthorizedKeys }} 861 - name: CONCOURSE_TSA_TEAM_AUTHORIZED_KEYS 862 value: {{ .Values.concourse.web.tsa.teamAuthorizedKeys | quote }} 863 {{- end }} 864 {{- if .Values.concourse.web.tsa.atcUrl }} 865 - name: CONCOURSE_TSA_ATC_URL 866 value: {{ .Values.concourse.web.tsa.atcUrl | quote }} 867 {{- end }} 868 {{- if .Values.concourse.web.tsa.sessionSigningKey }} 869 - name: CONCOURSE_TSA_SESSION_SIGNING_KEY 870 value: {{ .Values.concourse.web.tsa.sessionSigningKey | quote }} 871 {{- end }} 872 {{- if .Values.concourse.web.tsa.heartbeatInterval }} 873 - name: CONCOURSE_TSA_HEARTBEAT_INTERVAL 874 value: {{ .Values.concourse.web.tsa.heartbeatInterval | quote }} 875 {{- end }} 876 {{- if .Values.web.env }} 877 {{ toYaml .Values.web.env | indent 12 }} 878 {{- end }} 879 ports: 880 - name: atc 881 containerPort: {{ .Values.concourse.web.bindPort }} 882 {{- if .Values.concourse.web.tls.enabled }} 883 - name: atc-tls 884 containerPort: {{ .Values.concourse.web.tls.bindPort }} 885 {{- end }} 886 - name: tsa 887 containerPort: {{ .Values.concourse.web.tsa.bindPort }} 888 {{- if .Values.concourse.web.debugBindPort }} 889 - name: atc-debug 890 containerPort: {{ .Values.concourse.web.debugBindPort }} 891 {{- end }} 892 {{- if .Values.concourse.web.tsa.bindDebugPort }} 893 - name: tsa-debug 894 containerPort: {{ .Values.concourse.web.tsa.bindDebugPort }} 895 {{- end }} 896 {{- if .Values.concourse.web.prometheus.enabled }} 897 - name: prometheus 898 containerPort: {{ .Values.concourse.web.prometheus.bindPort }} 899 {{- end }} 900 livenessProbe: 901 {{ toYaml .Values.web.livenessProbe | indent 12 }} 902 readinessProbe: 903 {{ toYaml .Values.web.readinessProbe | indent 12 }} 904 resources: 905 {{ toYaml .Values.web.resources | indent 12 }} 906 volumeMounts: 907 - name: concourse-keys 908 mountPath: {{ .Values.web.keySecretsPath | quote }} 909 readOnly: true 910 {{- if .Values.concourse.web.tls.enabled }} 911 - name: web-tls 912 mountPath: {{ .Values.web.tlsSecretsPath | quote }} 913 readOnly: true 914 {{- end }} 915 {{- if .Values.concourse.web.vault.enabled }} 916 - name: vault-keys 917 mountPath: {{ .Values.web.vaultSecretsPath | quote }} 918 readOnly: true 919 {{- end }} 920 {{- if not (eq (default "disable" .Values.concourse.web.postgres.sslmode) "disable") }} 921 - name: postgresql-keys 922 mountPath: {{ .Values.web.postgresqlSecretsPath | quote }} 923 readOnly: true 924 {{- end }} 925 {{- if .Values.concourse.web.syslog.enabled }} 926 - name: syslog-keys 927 mountPath: {{ .Values.web.syslogSecretsPath | quote }} 928 readOnly: true 929 {{- end }} 930 - name: auth-keys 931 mountPath: {{ .Values.web.authSecretsPath | quote }} 932 readOnly: true 933 {{- if .Values.web.additionalVolumeMounts }} 934 {{ toYaml .Values.web.additionalVolumeMounts | indent 12 }} 935 {{- end }} 936 affinity: 937 {{- if .Values.web.additionalAffinities }} 938 {{ toYaml .Values.web.additionalAffinities | indent 8 }} 939 {{- end }} 940 volumes: 941 {{- if .Values.web.additionalVolumes }} 942 {{ toYaml .Values.web.additionalVolumes | indent 8 }} 943 {{- end }} 944 - name: concourse-keys 945 secret: 946 secretName: {{ template "concourse.concourse.fullname" . }} 947 defaultMode: 0400 948 items: 949 - key: host-key 950 path: host_key 951 - key: session-signing-key 952 path: session_signing_key 953 - key: worker-key-pub 954 path: worker_key.pub 955 {{- if .Values.concourse.web.tls.enabled }} 956 - name: web-tls 957 secret: 958 secretName: {{ template "concourse.concourse.fullname" . }} 959 defaultMode: 0400 960 items: 961 - key: web-tls-cert 962 path: client.cert 963 - key: web-tls-key 964 path: client.key 965 {{- end }} 966 {{- if .Values.concourse.web.vault.enabled }} 967 - name: vault-keys 968 secret: 969 secretName: {{ template "concourse.concourse.fullname" . }} 970 defaultMode: 0400 971 items: 972 {{- if .Values.concourse.web.vault.useCaCert }} 973 - key: vault-ca-cert 974 path: ca.cert 975 {{- end }} 976 {{- if eq (default "" .Values.concourse.web.vault.authBackend) "cert" }} 977 - key: vault-client-cert 978 path: client.cert 979 - key: vault-client-key 980 path: client.key 981 {{- end }} 982 {{- end }} 983 {{- if not (eq (default "disable" .Values.concourse.web.postgres.sslmode) "disable") }} 984 - name: postgresql-keys 985 secret: 986 secretName: {{ template "concourse.concourse.fullname" . }} 987 defaultMode: 0400 988 items: 989 - key: postgresql-ca-cert 990 path: ca.cert 991 - key: postgresql-client-cert 992 path: client.cert 993 - key: postgresql-client-key 994 path: client.key 995 {{- end }} 996 {{- if .Values.concourse.web.syslog.enabled }} 997 - name: syslog-keys 998 secret: 999 secretName: {{ template "concourse.concourse.fullname" . }} 1000 defaultMode: 0400 1001 items: 1002 - key: syslog-ca-cert 1003 path: ca.cert 1004 {{- end }} 1005 - name: auth-keys 1006 secret: 1007 secretName: {{ template "concourse.concourse.fullname" . }} 1008 defaultMode: 0400 1009 items: 1010 {{- if .Values.concourse.web.auth.cf.useCaCert }} 1011 - key: cf-ca-cert 1012 path: cf_ca.cert 1013 {{- end }} 1014 {{- if .Values.concourse.web.auth.github.useCaCert }} 1015 - key: github-ca-cert 1016 path: github_ca.cert 1017 {{- end }} 1018 {{- if .Values.concourse.web.auth.ldap.useCaCert }} 1019 - key: ldap-ca-cert 1020 path: ldap_ca.cert 1021 {{- end }} 1022 {{- if .Values.concourse.web.auth.oauth.useCaCert }} 1023 - key: oauth-ca-cert 1024 path: oauth_ca.cert 1025 {{- end }} 1026 {{- if .Values.concourse.web.auth.oidc.useCaCert }} 1027 - key: oidc-ca-cert 1028 path: oidc_ca.cert 1029 {{- end }}