--- /dev/null
+{{- if (and (.Values.ingressController.enabled) (not (eq .Values.env.database "off"))) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: "{{ template "kong.fullname" . }}-controller"
+ labels:
+ app: "{{ template "kong.name" . }}"
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ component: "controller"
+spec:
+ replicas: {{ .Values.ingressController.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: "controller"
+ template:
+ metadata:
+ {{- if .Values.podAnnotations }}
+ annotations:
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "kong.name" . }}
+ release: {{ .Release.Name }}
+ component: "controller"
+ spec:
+ serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- if .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ initContainers:
+ {{- include "kong.wait-for-db" . | nindent 6 }}
+ containers:
+ - name: admin-api
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: KONG_PROXY_LISTEN
+ value: 'off'
+ {{- if .Values.enterprise.enabled }}
+ {{- if .Values.enterprise.rbac.enabled }}
+ # TODO: uncomment this once we have a means of securely providing the
+ # controller its token using a secret.
+ #- name: KONG_ENFORCE_RBAC
+ # value: "on"
+ {{- end }}
+ # the controller admin API should not receive requests to create admins or developers
+ # never enable SMTP on it as such
+ {{- if .Values.enterprise.smtp.enabled }}
+ - name: KONG_SMTP_MOCK
+ value: "on"
+ {{- else }}
+ - name: KONG_SMTP_MOCK
+ value: "on"
+ {{- end }}
+ {{- include "kong.license" . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.admin.useTLS }}
+ - name: KONG_ADMIN_LISTEN
+ value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl"
+ {{- else }}
+ - name: KONG_ADMIN_LISTEN
+ value: 0.0.0.0:{{ .Values.admin.containerPort }}
+ {{- end }}
+ {{- if .Values.postgresql.enabled }}
+ - name: KONG_PG_HOST
+ value: {{ template "kong.postgresql.fullname" . }}
+ - name: KONG_PG_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "kong.postgresql.fullname" . }}
+ key: postgresql-password
+ {{- end }}
+ {{- if .Values.cassandra.enabled }}
+ - name: KONG_CASSANDRA_CONTACT_POINTS
+ value: {{ template "kong.cassandra.fullname" . }}
+ {{- end }}
+ {{- include "kong.env" . | indent 8 }}
+ ports:
+ - name: admin
+ containerPort: {{ .Values.admin.containerPort }}
+ protocol: TCP
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ {{- include "kong.controller-container" . | nindent 6 }}
+{{- end -}}