1
{{- $gateway := index .Values "gateways" "istio-egressgateway" }}
2
{{- if ne $gateway.injectionTemplate "" }}
3
{{/* This provides a minimal gateway, ready to be injected.
4
Any settings from values.gateways should be here - these are options specific to the gateway.
5
Global settings, like the image, various env vars and volumes, etc will be injected.
6
The normal Deployment is not suitable for this, as the original pod spec will override the injection template. */}}
10
name: {{ $gateway.name | default "istio-egressgateway" }}
11
namespace: {{ .Release.Namespace }}
13
{{ $gateway.labels | toYaml | indent 4 }}
14
release: {{ .Release.Name }}
15
istio.io/rev: {{ .Values.revision | default "default" }}
16
install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
17
operator.istio.io/component: "EgressGateways"
19
{{- if not $gateway.autoscaleEnabled }}
20
{{- if $gateway.replicaCount }}
21
replicas: {{ $gateway.replicaCount }}
26
{{ $gateway.labels | toYaml | indent 6 }}
29
maxSurge: {{ $gateway.rollingMaxSurge }}
30
maxUnavailable: {{ $gateway.rollingMaxUnavailable }}
34
{{ $gateway.labels | toYaml | indent 8 }}
35
{{- if eq .Release.Namespace "istio-system"}}
40
install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }}
41
operator.istio.io/component: "EgressGateways"
42
sidecar.istio.io/inject: "true"
43
{{- with .Values.revision }}
47
{{- if .Values.meshConfig.enablePrometheusMerge }}
48
prometheus.io/port: "15020"
49
prometheus.io/scrape: "true"
50
prometheus.io/path: "/stats/prometheus"
52
sidecar.istio.io/inject: "true"
53
inject.istio.io/templates: "{{ $gateway.injectionTemplate }}"
54
{{- if $gateway.podAnnotations }}
55
{{ toYaml $gateway.podAnnotations | indent 8 }}
58
{{- if not $gateway.runAsRoot }}
60
{{- if not (eq .Values.global.platform "openshift") }}
66
serviceAccountName: {{ $gateway.name | default "istio-egressgateway" }}-service-account
67
{{- if .Values.global.priorityClassName }}
68
priorityClassName: "{{ .Values.global.priorityClassName }}"
73
{{- if .Values.global.imagePullPolicy }}
74
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
77
{{- range $key, $val := $gateway.ports }}
78
- containerPort: {{ $val.targetPort | default $val.port }}
79
protocol: {{ $val.protocol | default "TCP" }}
81
- containerPort: 15090
84
{{- if not $gateway.runAsRoot }}
86
allowPrivilegeEscalation: false
91
readOnlyRootFilesystem: true
94
{{- if $gateway.resources }}
95
{{ toYaml $gateway.resources | indent 12 }}
97
{{ toYaml .Values.global.defaultResources | indent 12 }}
100
{{- if not $gateway.runAsRoot }}
101
- name: ISTIO_META_UNPRIVILEGED_POD
104
{{- range $key, $val := $gateway.env }}
106
value: {{ $val | quote }}
109
{{- range $gateway.secretVolumes }}
111
mountPath: {{ .mountPath | quote }}
114
{{- range $gateway.configVolumes }}
117
mountPath: {{ .mountPath | quote }}
121
{{- if $gateway.additionalContainers }}
122
{{ toYaml $gateway.additionalContainers | indent 8 }}
125
{{- range $gateway.secretVolumes }}
128
secretName: {{ .secretName | quote }}
131
{{- range $gateway.configVolumes }}
134
name: {{ .configMapName | quote }}
138
{{ include "nodeaffinity" (dict "global" .Values.global "nodeSelector" $gateway.nodeSelector) | trim | indent 8 }}
139
{{- include "podAntiAffinity" $gateway | indent 6 }}
140
{{- if $gateway.tolerations }}
142
{{ toYaml $gateway.tolerations | indent 6 }}
143
{{- else if .Values.global.defaultTolerations }}
145
{{ toYaml .Values.global.defaultTolerations | indent 6 }}