# See the License for the specific language governing permissions and #
# limitations under the License. #
################################################################################
-
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+{{- $secretPath := .Values.appmgr.appsecretpath | default "/opt/ric/secret" }}
apiVersion: apps/v1
kind: Deployment
metadata:
release: {{ .Release.Name }}
template:
metadata:
+ {{- if .Values.appmgr.annotations }}
+ annotations:
+ {{- .Values.appmgr.annotations | nindent 8 -}}
+ {{ end }}
labels:
app: {{ include "common.namespace.platform" . }}-{{ include "common.name.appmgr" . }}
release: {{ .Release.Name }}
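Review bot: `.Values.appmgr.annotations | nindent 8` only renders when the value is supplied as a pre-formatted string; if a chart user passes a map, which is the usual shape for annotations in a values file, `nindent` receives a non-string argument and rendering fails. If a map is the intended input, `{{- toYaml .Values.appmgr.annotations | nindent 8 }}` handles it, and closing the block with `{{- end }}` avoids the blank line the current `{{ end }}` leaves in the output. Whichever type is expected should be stated in a comment next to the value in values.yaml. The original indentation is not visible on this page, so the `8` could not be checked against the nesting of `annotations:`.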
serviceAccountName: {{ include "common.serviceaccountname.appmgr" . }}
imagePullSecrets:
- name: {{ include "common.repositoryCred" . }}
+{{- if or (eq ( include "common.tillerTLSVerify" $ctx ) "true" ) (eq ( include "common.tillerTLSAuthenticate" $ctx ) "true") }}
+ initContainers:
+ - name: {{ include "common.containername.appmgr" . }}-copy-tiller-secret
+ image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.init.name }}:{{ .Values.appmgr.image.init.tag }}
+ imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}
+ env:
+ - name: SVCACCT_NAME
+ value: {{ include "common.serviceaccountname.appmgr" . }}
+ - name: CLUSTER_NAME
+ value: {{ default "kubernetes" .Values.global.clusterName }}
+ - name: KUBECONFIG
+ value: /tmp/kubeconfig
+ - name: K8S_API_HOST
+ value: "kubernetes.default.svc.{{ default "cluster.local" .Values.global.dnsDomain }}"
+ - name: SECRET_NAMESPACE
+ value: {{ include "common.tillerDeployNameSpace" $ctx }}
+ - name: SECRET_NAME
+ value: {{ include "common.tillerHelmClientTLSSecret" $ctx }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.configmapname.appmgr" . }}-env
+ command: ["/appmgr-tiller-secret-copier.sh"]
+ volumeMounts:
+ - name: helm-secret-volume
+ mountPath: {{ $secretPath }}
+ readOnly: false
+ - name: appmgr-bin-volume
+ mountPath: /svcacct-to-kubeconfig.sh
+ subPath: svcacct-to-kubeconfig.sh
+ - name: appmgr-bin-volume
+ mountPath: /appmgr-tiller-secret-copier.sh
+ subPath: appmgr-tiller-secret-copier.sh
+{{- end }}
containers:
- name: {{ include "common.containername.appmgr" . }}
image: {{ include "common.repository" . }}/{{ .Values.appmgr.image.name }}:{{ .Values.appmgr.image.tag }}
imagePullPolicy: {{ include "common.pullPolicy" . }}
ports:
- name: http
- containerPort: {{ .Values.appmgr.service.http.containerPort }}
+ containerPort: {{ include "common.serviceport.appmgr.http" . }}
protocol: TCP
- name: rmrroute
- containerPort: {{ .Values.appmgr.service.rmr.route.port }}
+ containerPort: {{ include "common.serviceport.appmgr.rmr.route" . }}
protocol: TCP
- name: rmrdata
- containerPort: {{ .Values.appmgr.service.rmr.data.port }}
+ containerPort: {{ include "common.serviceport.appmgr.rmr.data" . }}
protocol: TCP
volumeMounts:
- name: config-volume
mountPath: {{ .Values.appmgr.appconfigpath }}/appmgr.yaml
subPath: appmgr.yaml
- - name: secret-volume
- mountPath: {{ .Values.appmgr.appsecretpath }}
- name: cert-volume
mountPath: {{ .Values.appmgr.appcertpath }}
+ - name: helm-secret-volume
+ mountPath: {{ $secretPath }}
+ readOnly: false
+ - name: secret-volume
+ mountPath: {{ $secretPath }}/helm_repo_username
+ subPath: helm_repo_username
+ - name: secret-volume
+ mountPath: {{ $secretPath }}/helm_repo_password
+ subPath: helm_repo_password
envFrom:
- configMapRef:
name: {{ include "common.configmapname.appmgr" . }}-env
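Review bot: The init container's `imagePullPolicy: {{ default "IfNotPresent" .pullPolicy }}` reads `.pullPolicy` from the root context, which is probably never set, so it would always render `IfNotPresent` while the main container uses `include "common.pullPolicy" .`; using the same helper here keeps a retagged init image from being served out of a stale node cache. The `helm_repo_username` and `helm_repo_password` files are now `subPath` mounts, and Kubernetes does not refresh Secret content mounted through `subPath`, so rotated repository credentials only reach appmgr after a pod restart; a comment above those mounts should say so. The copier runs with appmgr's service account against `SECRET_NAMESPACE`, so the RBAC (not visible on this page) presumably grants `get` on secrets in the Tiller namespace and is best limited to the single `SECRET_NAME` through `resourceNames`.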
- name: config-volume
configMap:
name: {{ include "common.configmapname.appmgr" . }}-appconfig
+ - name: cert-volume
+ configMap:
+ name: {{ include "common.helmrepositorycert" . }}
- name: secret-volume
secret:
secretName: {{ include "common.helmrepositorycred" . }}
- - name: cert-volume
+ - name: helm-secret-volume
+ emptyDir: {}
+ - name: appmgr-bin-volume
configMap:
- name: {{ include "common.helmrepositorycert" . }}
+ name: {{ include "common.configmapname.appmgr" . }}-bin
+ defaultMode: 0755
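Review bot: `helm-secret-volume` is declared as `emptyDir: {}`, so the Tiller client TLS material that the init container copies into it is written to the node's disk-backed storage for the life of the pod. Since the volume exists only to hand key material from the init container to appmgr, a tmpfs-backed volume keeps it off disk: `emptyDir:` with `medium: Memory` on the next line. `defaultMode: 0755` depends on the YAML parser reading a leading-zero integer as octal; the decimal form `493` renders the same mode without depending on that.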