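{{- /* Renders the egress gateway Deployment in its "injected" form: only gateway-specific
     settings are set here and the rest of the pod comes from the injection template named in
     gateways.istio-egressgateway.injectionTemplate. Nothing is rendered when that value is "". */}}
{{- $gateway := index .Values "gateways" "istio-egressgateway" }}
{{- if ne $gateway.injectionTemplate "" }}
{{/* This provides a minimal gateway, ready to be injected.
     Any settings from values.gateways should be here - these are options specific to the gateway.
     Global settings, like the image, various env vars and volumes, etc will be injected.
     The normal Deployment is not suitable for this, as the original pod spec will override the injection template. */}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ $gateway.name | default "istio-egressgateway" }}
  namespace: {{ .Release.Namespace }}
  labels:
{{ $gateway.labels | toYaml | indent 4 }}
{{- /* Label values must be strings, so the templated ones are quoted: a numeric-looking
     release, revision or owner name would otherwise be retyped by the YAML parser. */}}
    release: {{ .Release.Name | quote }}
    istio.io/rev: {{ .Values.revision | default "default" | quote }}
    install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" | quote }}
    operator.istio.io/component: "EgressGateways"
spec:
{{- /* replicas is emitted only when autoscaling is disabled and replicaCount is set. */}}
{{- if not $gateway.autoscaleEnabled }}
{{- if $gateway.replicaCount }}
  replicas: {{ $gateway.replicaCount }}
{{- end }}
{{- end }}
  selector:
    matchLabels:
{{ $gateway.labels | toYaml | indent 6 }}
  strategy:
    rollingUpdate:
      maxSurge: {{ $gateway.rollingMaxSurge }}
      maxUnavailable: {{ $gateway.rollingMaxUnavailable }}
  template:
    metadata:
      labels:
{{ $gateway.labels | toYaml | indent 8 }}
{{- if eq .Release.Namespace "istio-system"}}
        heritage: Tiller
        release: istio
        chart: gateways
{{- end }}
        install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" | quote }}
        operator.istio.io/component: "EgressGateways"
{{- /* The inject label here and the inject/templates annotations below ask the injector to
     complete this pod. "image: auto" further down is only a placeholder, so the pod is
     usable only if an injector actually processes it.
     NOTE(review): confirm an injector serves this namespace and revision. */}}
        sidecar.istio.io/inject: "true"
        {{- with .Values.revision }}
        istio.io/rev: {{ . | quote }}
        {{- end }}
      annotations:
        {{- if .Values.meshConfig.enablePrometheusMerge }}
        prometheus.io/port: "15020"
        prometheus.io/scrape: "true"
        prometheus.io/path: "/stats/prometheus"
        {{- end }}
        sidecar.istio.io/inject: "true"
        inject.istio.io/templates: "{{ $gateway.injectionTemplate }}"
{{- /* podAnnotations are appended as-is after the fixed annotations. A key that repeats one
     of those (for example sidecar.istio.io/inject) yields a duplicate mapping key, which most
     parsers resolve as last-wins. NOTE(review): consider rejecting such keys in values. */}}
{{- if $gateway.podAnnotations }}
{{ toYaml $gateway.podAnnotations | indent 8 }}
{{- end }}
    spec:
{{- /* Pod-level hardening, rendered unless gateways.istio-egressgateway.runAsRoot is set.
     runAsNonRoot covers every container in the pod; the fixed UID/GID 1337 is skipped when
     global.platform is "openshift" (presumably the platform assigns the UID there).
     With runAsRoot set, this block, the container securityContext and
     ISTIO_META_UNPRIVILEGED_POD below are all omitted. */}}
{{- if not $gateway.runAsRoot }}
      securityContext:
{{- if not (eq .Values.global.platform "openshift") }}
        runAsUser: 1337
        runAsGroup: 1337
{{- end }}
        runAsNonRoot: true
{{- end }}
      serviceAccountName: {{ $gateway.name | default "istio-egressgateway" }}-service-account
{{- if .Values.global.priorityClassName }}
      priorityClassName: "{{ .Values.global.priorityClassName }}"
{{- end }}
      containers:
        - name: istio-proxy
          image: auto
{{- if .Values.global.imagePullPolicy }}
          imagePullPolicy: {{ .Values.global.imagePullPolicy }}
{{- end }}
          ports:
            {{- range $key, $val := $gateway.ports }}
            - containerPort: {{ $val.targetPort | default $val.port }}
              protocol: {{ $val.protocol | default "TCP" }}
            {{- end }}
            - containerPort: 15090
              protocol: TCP
              name: http-envoy-prom
{{- /* Container-level hardening for istio-proxy only: no privilege escalation, all
     capabilities dropped, not privileged, read-only root filesystem. */}}
        {{- if not $gateway.runAsRoot }}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            privileged: false
            readOnlyRootFilesystem: true
        {{- end }}
          resources:
{{- if $gateway.resources }}
{{ toYaml $gateway.resources | indent 12 }}
{{- else }}
{{ toYaml .Values.global.defaultResources | indent 12 }}
{{- end }}
          env:
          {{- if not $gateway.runAsRoot }}
          - name: ISTIO_META_UNPRIVILEGED_POD
            value: "true"
          {{- end }}
{{- /* gateway.env entries become literal name/value pairs in the Deployment, readable by
     anyone who can read the manifest; keep credentials in the secretVolumes below instead. */}}
          {{- range $key, $val := $gateway.env }}
          - name: {{ $key }}
            value: {{ $val | quote }}
          {{- end }}
          volumeMounts:
          {{- range $gateway.secretVolumes }}
          - name: {{ .name }}
            mountPath: {{ .mountPath | quote }}
            readOnly: true
          {{- end }}
          {{- range $gateway.configVolumes }}
          {{- if .mountPath }}
          - name: {{ .name }}
            mountPath: {{ .mountPath | quote }}
            readOnly: true
          {{- end }}
          {{- end }}
{{- /* additionalContainers are copied verbatim as further entries of the containers list.
     The istio-proxy container securityContext above does not apply to them; only the
     pod-level securityContext does, so each entry should carry its own restrictions. */}}
{{- if $gateway.additionalContainers }}
{{ toYaml $gateway.additionalContainers | indent 8 }}
{{- end }}
      volumes:
{{- /* Both volume kinds are optional: the pod still starts when the referenced Secret or
     ConfigMap does not exist, so a missing certificate shows up at runtime, not at deploy time. */}}
      {{- range $gateway.secretVolumes }}
      - name: {{ .name }}
        secret:
          secretName: {{ .secretName | quote }}
          optional: true
      {{- end }}
      {{- range $gateway.configVolumes }}
      - name: {{ .name }}
        configMap:
          name: {{ .configMapName | quote }}
          optional: true
      {{- end }}
      affinity:
{{ include "nodeaffinity" (dict "global" .Values.global "nodeSelector" $gateway.nodeSelector) | trim | indent 8 }}
      {{- include "podAntiAffinity" $gateway | indent 6 }}
{{- /* Gateway-specific tolerations take precedence; global.defaultTolerations is the fallback. */}}
{{- if $gateway.tolerations }}
      tolerations:
{{ toYaml $gateway.tolerations | indent 6 }}
{{- else if .Values.global.defaultTolerations }}
      tolerations:
{{ toYaml .Values.global.defaultTolerations | indent 6 }}
{{- end }}
{{- end }}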