{{- /*
Source: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/controller-deployment.yaml

Renders the ingress-nginx controller Deployment. The whole manifest is emitted
only when .Values.controller.kind is "Deployment" or "Both".

Values read here that change the pod's exposure or privileges:
  - controller.hostNetwork and controller.hostPort.enabled put the pod's ports
    on the node's network.
  - controller.podSecurityContext and controller.sysctls form the pod-level
    securityContext; when both are unset no pod-level securityContext is rendered.
  - The controller container's securityContext comes from the
    "controller.containerSecurityContext" helper, defined outside this file.
  - controller.extraContainers, extraInitContainers, extraVolumes,
    extraVolumeMounts and extraEnvs are copied into the pod spec with toYaml;
    this template applies no constraints to them.
  - controller.customTemplate.configMapName mounts a ConfigMap as nginx.tmpl.
  - controller.admissionWebhooks.enabled mounts the "<fullname>-admission" Secret.
*/ -}}
{{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}}
{{- /* Helper defined outside this file; presumably fails rendering on an invalid controller image tag (confirm in the chart helpers). */ -}}
{{- include "isControllerTagValid" . -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: controller
    {{- with .Values.controller.labels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  name: {{ include "ingress-nginx.controller.fullname" . }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controller.annotations }}
  annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
  {{- end }}
spec:
  selector:
    matchLabels:
      {{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
      app.kubernetes.io/component: controller
  {{- /* replicas is left out when autoscaling is enabled; nothing in this file sets the replica count in that case. */}}
  {{- if not .Values.controller.autoscaling.enabled }}
  replicas: {{ .Values.controller.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  {{- if .Values.controller.updateStrategy }}
  strategy:
    {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
  {{- end }}
  minReadySeconds: {{ .Values.controller.minReadySeconds }}
  template:
    metadata:
    {{- /* Annotation values are passed through quote, so they always render as strings; keys are emitted as given. */}}
    {{- if .Values.controller.podAnnotations }}
      annotations:
      {{- range $key, $value := .Values.controller.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.labels" . | nindent 8 }}
        app.kubernetes.io/component: controller
        {{- with .Values.controller.labels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.controller.podLabels }}
        {{- toYaml .Values.controller.podLabels | nindent 8 }}
      {{- end }}
    spec:
    {{- if .Values.controller.dnsConfig }}
      dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.hostname }}
      hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
    {{- end }}
      dnsPolicy: {{ .Values.controller.dnsPolicy }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.priorityClassName }}
      priorityClassName: {{ .Values.controller.priorityClassName | quote }}
    {{- end }}
    {{- /*
    Pod-level securityContext. The key is rendered when either
    podSecurityContext or sysctls is set; the two following blocks then fill
    it in at the same indentation. When neither is set the pod has no
    pod-level securityContext and runs with whatever the cluster defaults to.
    */}}
    {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
      securityContext:
    {{- end }}
    {{- if .Values.controller.podSecurityContext }}
        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
    {{- end }}
    {{- /* sysctls is a map of name to value; both sides are quoted because the Kubernetes API expects strings. */}}
    {{- if .Values.controller.sysctls }}
        sysctls:
    {{- range $sysctl, $value := .Values.controller.sysctls }}
        - name: {{ $sysctl | quote }}
          value: {{ $value | quote }}
    {{- end }}
    {{- end }}
    {{- /* Emitted only when truthy. With a shared process namespace the containers of this pod, including any extraContainers, can see each other's processes. */}}
    {{- if .Values.controller.shareProcessNamespace }}
      shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
    {{- end }}
      containers:
        - name: {{ .Values.controller.containerName }}
          {{- with .Values.controller.image }}
          {{- /*
          Image reference: .repository when set, otherwise .registry plus the
          "ingress-nginx.image" helper, then ":" and .tag, then the output of
          "ingress-nginx.imageDigest" (helper not shown; presumably an
          "@<digest>" suffix). A digest pins the image content; a tag alone
          can be re-pointed in the registry.
          */}}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
        {{- if .Values.controller.lifecycle }}
          lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
        {{- end }}
          args:
            {{- include "ingress-nginx.params" . | nindent 12 }}
          {{- /* Container-level securityContext is produced entirely by this helper, which is defined outside this file; review it there for user, capabilities and privilege-escalation settings. */}}
          securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.enableMimalloc }}
            {{- /* LD_PRELOAD makes the dynamic loader load this library into processes started in the container; the path is fixed, so the library is the one shipped in the image. */}}
            - name: LD_PRELOAD
              value: /usr/local/lib/libmimalloc.so
          {{- end }}
          {{- /* extraEnvs is appended verbatim to the same env list; check it for entries that reuse the names above. */}}
          {{- if .Values.controller.extraEnvs }}
            {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.startupProbe }}
          startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.livenessProbe }}
          livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
          {{- end }}
          {{- if .Values.controller.readinessProbe }}
          readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
          {{- end }}
          ports:
          {{- /*
          One entry per key of controller.containerPort. With
          controller.hostPort.enabled the port is also bound on the node,
          using controller.hostPort.ports[key] when present and the container
          port otherwise.
          */}}
          {{- range $key, $value := .Values.controller.containerPort }}
            - name: {{ $key }}
              containerPort: {{ $value }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
              {{- end }}
          {{- end }}
          {{- /* The metrics and admission-webhook ports get no hostPort in this template, regardless of controller.hostPort.enabled. */}}
          {{- if .Values.controller.metrics.enabled }}
            - name: {{ .Values.controller.metrics.portName }}
              containerPort: {{ .Values.controller.metrics.port }}
              protocol: TCP
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            - name: webhook
              containerPort: {{ .Values.controller.admissionWebhooks.port }}
              protocol: TCP
          {{- end }}
          {{- /*
          Extra TCP and UDP listeners. The map key of .Values.tcp / .Values.udp
          is used as the port number and the map value is not read here. With
          controller.hostPort.enabled every one of these ports is bound on the
          node under the same number.
          */}}
          {{- range $key, $value := .Values.tcp }}
            - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
              containerPort: {{ $key }}
              protocol: TCP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
          {{- range $key, $value := .Values.udp }}
            - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
              containerPort: {{ $key }}
              protocol: UDP
              {{- if $.Values.controller.hostPort.enabled }}
              hostPort: {{ $key }}
              {{- end }}
          {{- end }}
        {{- /* volumeMounts is rendered only when at least one of the mounts below applies. */}}
        {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
          volumeMounts:
          {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
            {{- /* Mount of the "modules" emptyDir declared under volumes. It carries no readOnly flag, so the controller container can write to it. The path depends on whether the chroot image variant is used. */}}
            - name: modules
            {{ if .Values.controller.image.chroot }}
              mountPath: /chroot/modules_mount
            {{ else }}
              mountPath: /modules_mount
            {{ end }}
          {{- end }}
          {{- if .Values.controller.customTemplate.configMapName }}
            {{- /* Custom nginx template, mounted read-only. */}}
            - mountPath: /etc/nginx/template
              name: nginx-template-volume
              readOnly: true
          {{- end }}
          {{- if .Values.controller.admissionWebhooks.enabled }}
            {{- /* Admission webhook certificate and key, mounted read-only. */}}
            - name: webhook-cert
              mountPath: /usr/local/certificates/
              readOnly: true
          {{- end }}
          {{- if .Values.controller.extraVolumeMounts }}
            {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
          {{- end }}
        {{- end }}
        {{- if .Values.controller.resources }}
          resources: {{ toYaml .Values.controller.resources | nindent 12 }}
        {{- end }}
      {{- /* Sidecars are copied in verbatim. They share the pod's network namespace and volumes, and the controller's container securityContext above does not apply to them; each entry has to carry its own. */}}
      {{- if .Values.controller.extraContainers }}
        {{ toYaml .Values.controller.extraContainers | nindent 8 }}
      {{- end }}
    {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
      initContainers:
      {{- /* User-supplied init containers, copied in verbatim. */}}
      {{- if .Values.controller.extraInitContainers }}
        {{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
      {{- end }}
      {{- /*
      One init container per extraModules entry, rendered by the
      "extraModules" helper (defined outside this file). Each entry uses its
      own containerSecurityContext when it has one and falls back to
      controller.containerSecurityContext otherwise. The image is taken from
      the entry as given.
      */}}
      {{- if .Values.controller.extraModules }}
        {{- range .Values.controller.extraModules }}
          {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
{{ include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | indent 8 }}
        {{- end }}
      {{- end }}
      {{- /* The opentelemetry module follows the same pattern, with controller.opentelemetry.containerSecurityContext as the preferred source. */}}
      {{- if .Values.controller.opentelemetry.enabled}}
          {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
          {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}}
      {{- end}}
    {{- end }}
    {{- /* Emitted only when truthy. With hostNetwork the pod runs in the node's network namespace, so every port the controller listens on, including metrics and the webhook, is reachable on the node's interfaces. */}}
    {{- if .Values.controller.hostNetwork }}
      hostNetwork: {{ .Values.controller.hostNetwork }}
    {{- end }}
    {{- if .Values.controller.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.tolerations }}
      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.affinity }}
      affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.topologySpreadConstraints }}
      topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }}
    {{- end }}
      {{- /* The account name comes from a helper; the permissions behind it are set by RBAC templates outside this file. */}}
      serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
      terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
    {{- /* volumes is rendered only when at least one of the volumes below applies. */}}
    {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
      volumes:
      {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
        {{- /* Scratch volume for modules; presumably filled by the module init containers above (the helper that mounts it is not shown). */}}
        - name: modules
          emptyDir: {}
      {{- end }}
      {{- if .Values.controller.customTemplate.configMapName }}
        {{- /* The selected ConfigMap key is exposed to the controller as nginx.tmpl. Write access to this ConfigMap amounts to control over the nginx configuration template, so its RBAC deserves the same care as the controller's own. */}}
        - name: nginx-template-volume
          configMap:
            name: {{ .Values.controller.customTemplate.configMapName }}
            items:
              - key: {{ .Values.controller.customTemplate.configMapKey }}
                path: nginx.tmpl
      {{- end }}
      {{- if .Values.controller.admissionWebhooks.enabled }}
        {{- /* Secret "<fullname>-admission" holds the webhook certificate and private key. With cert-manager enabled the tls.crt and tls.key entries are remapped to the file names cert and key. */}}
        - name: webhook-cert
          secret:
            secretName: {{ include "ingress-nginx.fullname" . }}-admission
          {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
            items:
              - key: tls.crt
                path: cert
              - key: tls.key
                path: key
          {{- end }}
      {{- end }}
      {{- /* User-supplied volumes, copied in verbatim; hostPath or Secret volumes added here are not checked by this template. */}}
      {{- if .Values.controller.extraVolumes }}
        {{ toYaml .Values.controller.extraVolumes | nindent 8 }}
      {{- end }}
    {{- end }}
{{- end }}