github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/kiali-server/templates/deployment.yaml (about) 1 --- 2 apiVersion: apps/v1 3 kind: Deployment 4 metadata: 5 name: {{ include "kiali-server.fullname" . }} 6 namespace: {{ .Release.Namespace }} 7 labels: 8 {{- include "kiali-server.labels" . | nindent 4 }} 9 spec: 10 replicas: {{ .Values.deployment.replicas }} 11 selector: 12 matchLabels: 13 {{- include "kiali-server.selectorLabels" . | nindent 6 }} 14 strategy: 15 rollingUpdate: 16 maxSurge: 1 17 maxUnavailable: 1 18 type: RollingUpdate 19 template: 20 metadata: 21 name: {{ include "kiali-server.fullname" . }} 22 labels: 23 {{- include "kiali-server.labels" . | nindent 8 }} 24 {{- if .Values.deployment.pod_labels }} 25 {{- toYaml .Values.deployment.pod_labels | nindent 8 }} 26 {{- end }} 27 annotations: 28 traffic.sidecar.istio.io/excludeOutboundPorts: 443,6443 29 checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} 30 {{- if .Values.server.metrics_enabled }} 31 prometheus.io/scrape: "true" 32 prometheus.io/port: {{ .Values.server.metrics_port | quote }} 33 {{- else }} 34 prometheus.io/scrape: "false" 35 prometheus.io/port: "" 36 {{- end }} 37 kiali.io/dashboards: go,kiali 38 {{- if .Values.deployment.pod_annotations }} 39 {{- toYaml .Values.deployment.pod_annotations | nindent 8 }} 40 {{- end }} 41 spec: 42 serviceAccountName: {{ include "kiali-server.fullname" . }} 43 {{- if .Values.deployment.priority_class_name }} 44 priorityClassName: {{ .Values.deployment.priority_class_name | quote }} 45 {{- end }} 46 {{- if .Values.deployment.image_pull_secrets }} 47 imagePullSecrets: 48 {{- range .Values.deployment.image_pull_secrets }} 49 - name: {{ . }} 50 {{- end }} 51 {{- end }} 52 {{- if .Values.deployment.host_aliases }} 53 hostAliases: 54 {{- toYaml .Values.deployment.host_aliases | nindent 6 }} 55 {{- end }} 56 {{- if .Values.deployment.pod_security_context }} 57 securityContext: 58 {{- toYaml .Values.deployment.pod_security_context | nindent 8 }} 59 {{- end }} 60 containers: 61 - image: "{{ .Values.deployment.image_name }}{{ if .Values.deployment.image_digest }}@{{ .Values.deployment.image_digest }}{{ end }}:{{ .Values.deployment.image_version }}" 62 imagePullPolicy: {{ .Values.deployment.image_pull_policy | default "Always" }} 63 name: {{ include "kiali-server.fullname" . }} 64 command: 65 - "/opt/kiali/kiali" 66 - "-config" 67 - "/kiali-configuration/config.yaml" 68 securityContext: 69 {{- if .Values.deployment.security_context}} 70 {{- toYaml .Values.deployment.security_context | nindent 10 }} 71 {{- else }} 72 allowPrivilegeEscalation: false 73 privileged: false 74 readOnlyRootFilesystem: true 75 runAsNonRoot: true 76 capabilities: 77 drop: 78 - ALL 79 {{- end }} 80 ports: 81 - name: api-port 82 containerPort: {{ .Values.server.port | default 20001 }} 83 {{- if .Values.server.metrics_enabled }} 84 - name: http-metrics 85 containerPort: {{ .Values.server.metrics_port | default 9090 }} 86 {{- end }} 87 readinessProbe: 88 httpGet: 89 path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz 90 port: api-port 91 {{- if (include "kiali-server.identity.cert_file" .) }} 92 scheme: HTTPS 93 {{- else }} 94 scheme: HTTP 95 {{- end }} 96 initialDelaySeconds: 5 97 periodSeconds: 30 98 livenessProbe: 99 httpGet: 100 path: {{ include "kiali-server.server.web_root" . | trimSuffix "/" }}/healthz 101 port: api-port 102 {{- if (include "kiali-server.identity.cert_file" .) }} 103 scheme: HTTPS 104 {{- else }} 105 scheme: HTTP 106 {{- end }} 107 initialDelaySeconds: 5 108 periodSeconds: 30 109 env: 110 - name: ACTIVE_NAMESPACE 111 valueFrom: 112 fieldRef: 113 fieldPath: metadata.namespace 114 - name: LOG_LEVEL 115 value: "{{ include "kiali-server.logLevel" . }}" 116 - name: LOG_FORMAT 117 value: "{{ .Values.deployment.logger.log_format }}" 118 - name: LOG_TIME_FIELD_FORMAT 119 value: "{{ .Values.deployment.logger.time_field_format }}" 120 - name: LOG_SAMPLER_RATE 121 value: "{{ .Values.deployment.logger.sampler_rate }}" 122 volumeMounts: 123 - name: {{ include "kiali-server.fullname" . }}-configuration 124 mountPath: "/kiali-configuration" 125 - name: {{ include "kiali-server.fullname" . }}-cert 126 mountPath: "/kiali-cert" 127 - name: {{ include "kiali-server.fullname" . }}-secret 128 mountPath: "/kiali-secret" 129 - name: {{ include "kiali-server.fullname" . }}-cabundle 130 mountPath: "/kiali-cabundle" 131 {{- range .Values.deployment.custom_secrets }} 132 - name: {{ .name }} 133 mountPath: "{{ .mount }}" 134 {{- end }} 135 {{- range $key, $val := (include "kiali-server.remote-cluster-secrets" .) | fromJson }} 136 - name: {{ $key }} 137 mountPath: "/kiali-remote-cluster-secrets/{{ $val }}" 138 {{- end }} 139 {{- range .Values.kiali_feature_flags.clustering.clusters }} 140 - name: {{ .name }} 141 mountPath: "/kiali-remote-cluster-secrets/{{ .secret_name }}" 142 {{- end }} 143 {{- if .Values.deployment.resources }} 144 resources: 145 {{- toYaml .Values.deployment.resources | nindent 10 }} 146 {{- end }} 147 volumes: 148 - name: {{ include "kiali-server.fullname" . }}-configuration 149 configMap: 150 name: {{ include "kiali-server.fullname" . }} 151 - name: {{ include "kiali-server.fullname" . }}-cert 152 secret: 153 {{- if .Capabilities.APIVersions.Has "route.openshift.io/v1" }} 154 secretName: {{ include "kiali-server.fullname" . }}-cert-secret 155 {{- else }} 156 secretName: istio.{{ include "kiali-server.fullname" . }}-service-account 157 {{- end }} 158 {{- if not (include "kiali-server.identity.cert_file" .) }} 159 optional: true 160 {{- end }} 161 - name: {{ include "kiali-server.fullname" . }}-secret 162 secret: 163 secretName: {{ .Values.deployment.secret_name }} 164 optional: true 165 - name: {{ include "kiali-server.fullname" . }}-cabundle 166 configMap: 167 name: {{ include "kiali-server.fullname" . }}-cabundle 168 {{- if not (.Capabilities.APIVersions.Has "route.openshift.io/v1") }} 169 optional: true 170 {{- end }} 171 {{- range .Values.deployment.custom_secrets }} 172 - name: {{ .name }} 173 secret: 174 secretName: {{ .name }} 175 optional: {{ .optional | default false }} 176 {{- end }} 177 {{- range $key, $val := (include "kiali-server.remote-cluster-secrets" .) | fromJson }} 178 - name: {{ $key }} 179 secret: 180 secretName: {{ $val }} 181 {{- end }} 182 {{- range .Values.kiali_feature_flags.clustering.clusters }} 183 - name: {{ .name }} 184 secret: 185 secretName: {{ .secret_name }} 186 {{- end }} 187 {{- if or (.Values.deployment.affinity.node) (or (.Values.deployment.affinity.pod) (.Values.deployment.affinity.pod_anti)) }} 188 affinity: 189 {{- if .Values.deployment.affinity.node }} 190 nodeAffinity: 191 {{- toYaml .Values.deployment.affinity.node | nindent 10 }} 192 {{- end }} 193 {{- if .Values.deployment.affinity.pod }} 194 podAffinity: 195 {{- toYaml .Values.deployment.affinity.pod | nindent 10 }} 196 {{- end }} 197 {{- if .Values.deployment.affinity.pod_anti }} 198 podAntiAffinity: 199 {{- toYaml .Values.deployment.affinity.pod_anti | nindent 10 }} 200 {{- end }} 201 {{- end }} 202 {{- if .Values.deployment.tolerations }} 203 tolerations: 204 {{- toYaml .Values.deployment.tolerations | nindent 8 }} 205 {{- end }} 206 {{- if .Values.deployment.node_selector }} 207 nodeSelector: 208 {{- toYaml .Values.deployment.node_selector | nindent 8 }} 209 {{- end }} 210 ...