+++ /dev/null
-{{- if (and (.Values.ingressController.enabled) (not (eq .Values.env.database "off"))) }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: "{{ template "kong.fullname" . }}-controller"
- labels:
- app: "{{ template "kong.name" . }}"
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- component: "controller"
-spec:
- replicas: {{ .Values.ingressController.replicaCount }}
- selector:
- matchLabels:
- app: {{ template "kong.name" . }}
- release: {{ .Release.Name }}
- component: "controller"
- template:
- metadata:
- {{- if .Values.podAnnotations }}
- annotations:
-{{ toYaml .Values.podAnnotations | indent 8 }}
- {{- end }}
- labels:
- app: {{ template "kong.name" . }}
- release: {{ .Release.Name }}
- component: "controller"
- spec:
- serviceAccountName: {{ template "kong.serviceAccountName" . }}
- {{- if .Values.image.pullSecrets }}
- imagePullSecrets:
- {{- range .Values.image.pullSecrets }}
- - name: {{ . }}
- {{- end }}
- {{- end }}
- initContainers:
- {{- include "kong.wait-for-db" . | nindent 6 }}
- containers:
- - name: admin-api
- image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: KONG_PROXY_LISTEN
- value: 'off'
- {{- if .Values.enterprise.enabled }}
- {{- if .Values.enterprise.rbac.enabled }}
- # TODO: uncomment this once we have a means of securely providing the
- # controller its token using a secret.
- #- name: KONG_ENFORCE_RBAC
- # value: "on"
- {{- end }}
- # the controller admin API should not receive requests to create admins or developers
- # never enable SMTP on it as such
- {{- if .Values.enterprise.smtp.enabled }}
- - name: KONG_SMTP_MOCK
- value: "on"
- {{- else }}
- - name: KONG_SMTP_MOCK
- value: "on"
- {{- end }}
- {{- include "kong.license" . | nindent 8 }}
- {{- end }}
- {{- if .Values.admin.useTLS }}
- - name: KONG_ADMIN_LISTEN
- value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl"
- {{- else }}
- - name: KONG_ADMIN_LISTEN
- value: 0.0.0.0:{{ .Values.admin.containerPort }}
- {{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- {{- end }}
- {{- if .Values.cassandra.enabled }}
- - name: KONG_CASSANDRA_CONTACT_POINTS
- value: {{ template "kong.cassandra.fullname" . }}
- {{- end }}
- {{- include "kong.env" . | indent 8 }}
- ports:
- - name: admin
- containerPort: {{ .Values.admin.containerPort }}
- protocol: TCP
- readinessProbe:
-{{ toYaml .Values.readinessProbe | indent 10 }}
- livenessProbe:
-{{ toYaml .Values.livenessProbe | indent 10 }}
- resources:
-{{ toYaml .Values.resources | indent 10 }}
- {{- include "kong.controller-container" . | nindent 6 }}
-{{- end -}}