X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Ftemplates%2Fdeployment.yaml;h=6e9bba8d3ba85e6851514ca3905c8e67247c354f;hb=refs%2Fchanges%2F69%2F12969%2F1;hp=9bcbab076b45229f3c9bf4c22da6428af8346a31;hpb=38dc857062b14145f5b9db89d10eba0ae5b90d11;p=ric-plt%2Fric-dep.git
diff --git a/helm/infrastructure/subcharts/kong/templates/deployment.yaml b/helm/infrastructure/subcharts/kong/templates/deployment.yaml
old mode 100755
new mode 100644
index 9bcbab0..6e9bba8
--- a/helm/infrastructure/subcharts/kong/templates/deployment.yaml
+++ b/helm/infrastructure/subcharts/kong/templates/deployment.yaml
@@ -1,43 +1,84 @@ +{{- if or .Values.deployment.kong.enabled .Values.ingressController.enabled }} apiVersion: apps/v1 +{{- if .Values.deployment.daemonset }} +kind: DaemonSet +{{- else }} kind: Deployment +{{- end }} metadata: - name: "{{ template "kong.fullname" . }}" + name: {{ template "kong.fullname" . }} + namespace: {{ template "kong.namespace" . }} labels: - app: "{{ template "kong.name" . }}" - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - component: app + {{- include "kong.metaLabels" . | nindent 4 }} + app.kubernetes.io/component: app + {{- if .Values.deploymentAnnotations }} + annotations: + {{- range $key, $value := .Values.deploymentAnnotations }} + {{ $key }}: {{ include "kong.renderTpl" (dict "value" $value "context" $) | quote }} + {{- end }} + {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} + {{- if not .Values.deployment.daemonset }} replicas: {{ .Values.replicaCount }} + {{- end }} + {{- end }} selector: matchLabels: - app: {{ template "kong.name" . }} - release: {{ .Release.Name }} - component: app + {{- include "kong.selectorLabels" . | nindent 6 }} {{- if .Values.updateStrategy }} + {{- if .Values.deployment.daemonset }} + updateStrategy: + {{- else }} strategy: + {{- end }} {{ toYaml .Values.updateStrategy | indent 4 }} {{- end }} + {{- if .Values.deployment.minReadySeconds }} + minReadySeconds: {{ .Values.deployment.minReadySeconds }} + {{- end }} template: metadata: annotations: + {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }} + kuma.io/service-account-token-volume: {{ template "kong.serviceAccountTokenName" . 
}} + {{- end }} {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }} {{- if .Values.dblessConfig.config }} checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }} {{- end }} {{- end }} {{- if .Values.podAnnotations }} -{{ toYaml .Values.podAnnotations | indent 8 }} + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ include "kong.renderTpl" (dict "value" $value "context" $) | quote }} + {{- end }} {{- end }} labels: - app: {{ template "kong.name" . }} - release: {{ .Release.Name }} - component: app + {{- include "kong.metaLabels" . | nindent 8 }} + app.kubernetes.io/component: app + app: {{ template "kong.fullname" . }} + version: {{ .Chart.AppVersion | quote }} + {{- if .Values.podLabels }} + {{ include "kong.renderTpl" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} spec: - {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }} + {{- if .Values.deployment.hostname }} + hostname: {{ .Values.deployment.hostname }} + {{- end }} + {{- if .Values.deployment.hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} serviceAccountName: {{ template "kong.serviceAccountName" . }} + {{- end }} + {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }} + automountServiceAccountToken: true + {{- else }} + automountServiceAccountToken: false {{ end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: 
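Review bot: `hostNetwork: true` is rendered from `.Values.deployment.hostNetwork` with no comment or companion setting, although it puts the pod in the node's network namespace, so every listener the containers open is bound on the node itself. The `dnsPolicy` key this commit adds in the following hunk is emitted only when `.Values.dnsPolicy` is set, so a host-network pod keeps the default policy and resolves through the node's resolver rather than cluster DNS unless the operator also sets `ClusterFirstWithHostNet`. I would add a template comment above the block, for example `{{/* hostNetwork shares the node network namespace: set dnsPolicy to ClusterFirstWithHostNet and keep admin/status listeners off routable addresses */}}`. The pod spec continues past the end of this hunk.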
@@ -45,136 +86,78 @@ spec: - name: {{ . }} {{- end }} {{- end }} - {{- if not (eq .Values.env.database "off") }} + {{- if .Values.deployment.kong.enabled }} initContainers: - {{- include "kong.wait-for-db" . | nindent 6 }} - {{ end }} + - name: clear-stale-pid + image: {{ include "kong.getRepoTag" .Values.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{ toYaml .Values.containerSecurityContext | nindent 10 }} + resources: +{{ toYaml .Values.resources | indent 10 }} + command: + - "rm" + - "-vrf" + - "$KONG_PREFIX/pids" + env: + {{- include "kong.env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} + volumeMounts: + {{- include "kong.volumeMounts" . | nindent 8 }} + {{- if .Values.deployment.initContainers }} + {{- toYaml .Values.deployment.initContainers | nindent 6 }} + {{- end }} + {{- if (and (not (eq .Values.env.database "off")) .Values.waitImage.enabled) }} + {{- include "kong.wait-for-db" . | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.deployment.hostAliases }} + hostAliases: + {{- toYaml .Values.deployment.hostAliases | nindent 6 }} + {{- end}} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} containers: - {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }} + {{- if .Values.ingressController.enabled }} {{- include "kong.controller-container" . | nindent 6 }} {{ end }} - - name: {{ template "kong.name" . 
}} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- if .Values.deployment.sidecarContainers }} + {{- toYaml .Values.deployment.sidecarContainers | nindent 6 }} + {{- end }} + {{- if .Values.deployment.kong.enabled }} + - name: "proxy" + image: {{ include "kong.getRepoTag" .Values.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{ toYaml .Values.containerSecurityContext | nindent 10 }} env: - {{- if not .Values.env.admin_listen }} - {{- if .Values.admin.useTLS }} - - name: KONG_ADMIN_LISTEN - value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl" - {{- else }} - - name: KONG_ADMIN_LISTEN - value: 0.0.0.0:{{ .Values.admin.containerPort }} - {{- end }} - {{- end }} - {{- if not .Values.env.proxy_listen }} - - name: KONG_PROXY_LISTEN - value: {{ template "kong.kongProxyListenValue" . }} - {{- end }} - {{- if and (not .Values.env.admin_gui_listen) (.Values.enterprise.enabled) }} - - name: KONG_ADMIN_GUI_LISTEN - value: {{ template "kong.kongManagerListenValue" . }} - {{- end }} - {{- if and (not .Values.env.portal_gui_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }} - - name: KONG_PORTAL_GUI_LISTEN - value: {{ template "kong.kongPortalListenValue" . }} - {{- end }} - {{- if and (not .Values.env.portal_api_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }} - - name: KONG_PORTAL_API_LISTEN - value: {{ template "kong.kongPortalApiListenValue" . 
}} - {{- end }} - - name: KONG_NGINX_DAEMON - value: "off" - {{- if .Values.enterprise.enabled }} - {{- if .Values.enterprise.vitals.enabled }} - - name: KONG_VITALS - value: "on" - {{- end }} - {{- if .Values.enterprise.portal.enabled }} - - name: KONG_PORTAL - value: "on" - {{- if .Values.enterprise.portal.portal_auth }} - - name: KONG_PORTAL_AUTH - value: {{ .Values.enterprise.portal.portal_auth }} - - name: KONG_PORTAL_SESSION_CONF - valueFrom: - secretKeyRef: - name: {{ .Values.enterprise.portal.session_conf_secret }} - key: portal_session_conf - {{- end }} - {{- end }} - {{- if .Values.enterprise.rbac.enabled }} - - name: KONG_ENFORCE_RBAC - value: "on" - - name: KONG_ADMIN_GUI_AUTH - value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }} - - name: KONG_ADMIN_GUI_AUTH_CONF - value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}' - - name: KONG_ADMIN_GUI_SESSION_CONF - valueFrom: - secretKeyRef: - name: {{ .Values.enterprise.rbac.session_conf_secret }} - key: admin_gui_session_conf - {{- end }} - {{- if .Values.enterprise.smtp.enabled }} - - name: KONG_PORTAL_EMAILS_FROM - value: {{ .Values.enterprise.smtp.portal_emails_from }} - - name: KONG_PORTAL_EMAILS_REPLY_TO - value: {{ .Values.enterprise.smtp.portal_emails_reply_to }} - - name: KONG_ADMIN_EMAILS_FROM - value: {{ .Values.enterprise.smtp.admin_emails_from }} - - name: KONG_ADMIN_EMAILS_REPLY_TO - value: {{ .Values.enterprise.smtp.admin_emails_reply_to }} - - name: KONG_SMTP_HOST - value: {{ .Values.enterprise.smtp.smtp_host }} - - name: KONG_SMTP_PORT - value: {{ .Values.enterprise.smtp.smtp_port }} - - name: KONG_SMTP_STARTTLS - value: {{ .Values.enterprise.smtp.smtp_starttls }} - {{- if .Values.enterprise.smtp.auth.smtp_username }} - - name: KONG_SMTP_USERNAME - value: {{ .Values.enterprise.smtp.auth.smtp_username }} - - name: KONG_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.enterprise.smtp.auth.smtp_password }} - key: smtp_password - {{- end }} - {{- 
else }} - - name: KONG_SMTP_MOCK - value: "on" - {{- end }} - {{- include "kong.license" . | nindent 8 }} - {{- end }} - - name: KONG_NGINX_HTTP_INCLUDE - value: /kong/servers.conf - {{- if .Values.postgresql.enabled }} - - name: KONG_PG_HOST - value: {{ template "kong.postgresql.fullname" . }} - - name: KONG_PG_PORT - value: "{{ .Values.postgresql.service.port }}" - - name: KONG_PG_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "kong.postgresql.fullname" . }} - key: postgresql-password - {{- end }} - {{- if .Values.cassandra.enabled }} - - name: KONG_CASSANDRA_CONTACT_POINTS - value: {{ template "kong.cassandra.fullname" . }} - {{- end }} - {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} - - name: KONG_DECLARATIVE_CONFIG - value: "/kong_dbless/kong.yml" - {{- end }} - {{- include "kong.env" . | indent 8 }} + {{- include "kong.no_daemon_env" . | nindent 8 }} + {{- include "kong.envFrom" .Values.envFrom | nindent 8 }} + lifecycle: + {{- toYaml .Values.lifecycle | nindent 10 }} ports: + {{- if (and .Values.admin.http.enabled .Values.admin.enabled) }} - name: admin - containerPort: {{ .Values.admin.containerPort }} - {{- if .Values.admin.hostPort }} - hostPort: {{ .Values.admin.hostPort }} + containerPort: {{ .Values.admin.http.containerPort }} + {{- if .Values.admin.http.hostPort }} + hostPort: {{ .Values.admin.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if (and .Values.admin.tls.enabled .Values.admin.enabled) }} + - name: admin-tls + containerPort: {{ .Values.admin.tls.containerPort }} + {{- if .Values.admin.tls.hostPort }} + hostPort: {{ .Values.admin.tls.hostPort }} {{- end}} protocol: TCP - {{- if .Values.proxy.http.enabled }} + {{- end }} + {{- if (and .Values.proxy.http.enabled .Values.proxy.enabled) }} - name: proxy containerPort: {{ .Values.proxy.http.containerPort }} {{- if .Values.proxy.http.hostPort }} 
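Review bot: The `clear-stale-pid` init container passes `"$KONG_PREFIX/pids"` as a `command` element, but no shell runs there and Kubernetes only substitutes the `$(VAR_NAME)` form, so `rm` receives the literal string and, because of `-f`, exits successfully without removing anything. Writing the argument as `- "$(KONG_PREFIX)/pids"` lets the kubelet expand it, provided `KONG_PREFIX` is among the variables the `kong.env` include defines for this container; that helper is not visible in this diff, so this needs confirming. As written, the stale PID directory the container exists to clear is left in place and the init step still reports success.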
@@ -182,7 +165,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.proxy.tls.enabled }} + {{- if (and .Values.proxy.tls.enabled .Values.proxy.enabled)}} - name: proxy-tls containerPort: {{ .Values.proxy.tls.containerPort }} {{- if .Values.proxy.tls.hostPort }} @@ -190,11 +173,48 @@ spec: {{- end}} protocol: TCP {{- end }} - - name: metrics - containerPort: 9542 + {{- range .Values.proxy.stream }} + - name: stream{{ if (eq (default "TCP" .protocol) "UDP") }}udp{{ end }}-{{ .containerPort }} + containerPort: {{ .containerPort }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end}} + protocol: {{ .protocol }} + {{- end }} + {{- range .Values.udpProxy.stream }} + - name: streamudp-{{ .containerPort }} + containerPort: {{ .containerPort }} + {{- if .hostPort }} + hostPort: {{ .hostPort }} + {{- end}} + protocol: {{ .protocol }} + {{- end }} + {{- if (and .Values.status.http.enabled .Values.status.enabled)}} + - name: status + containerPort: {{ .Values.status.http.containerPort }} + {{- if .Values.status.http.hostPort }} + hostPort: {{ .Values.status.http.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if (and .Values.status.tls.enabled .Values.status.enabled) }} + - name: status-tls + containerPort: {{ .Values.status.tls.containerPort }} + {{- if .Values.status.tls.hostPort }} + hostPort: {{ .Values.status.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} + {{- if (and .Values.cluster.tls.enabled .Values.cluster.enabled) }} + - name: cluster-tls + containerPort: {{ .Values.cluster.tls.containerPort }} + {{- if .Values.cluster.tls.hostPort }} + hostPort: {{ .Values.cluster.tls.hostPort }} + {{- end}} protocol: TCP + {{- end }} {{- if .Values.enterprise.enabled }} - {{- if .Values.manager.http.enabled }} + {{- if (and .Values.manager.http.enabled .Values.manager.enabled) }} - name: manager containerPort: {{ .Values.manager.http.containerPort }} {{- if .Values.manager.http.hostPort }} 
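Review bot: In the `.Values.udpProxy.stream` range of the second hunk on this line, each port is named `streamudp-<containerPort>` while `protocol: {{ .protocol }}` has no default, so an entry that omits `protocol` renders an empty value and Kubernetes treats the port as TCP. Using `protocol: {{ default "UDP" .protocol }}` there keeps the declared protocol in line with the port name. The `.Values.proxy.stream` range already computes its name with `default "TCP" .protocol`, and its `protocol:` line could use the same expression for consistency. If the values schema already makes `protocol` mandatory for both lists, a short template comment saying so would do instead.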
@@ -202,7 +222,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.manager.tls.enabled }} + {{- if (and .Values.manager.tls.enabled .Values.manager.enabled) }} - name: manager-tls containerPort: {{ .Values.manager.tls.containerPort }} {{- if .Values.manager.tls.hostPort }} @@ -210,7 +230,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.portal.http.enabled }} + {{- if (and .Values.portal.http.enabled .Values.portal.enabled) }} - name: portal containerPort: {{ .Values.portal.http.containerPort }} {{- if .Values.portal.http.hostPort }} @@ -218,7 +238,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.portal.tls.enabled }} + {{- if (and .Values.portal.tls.enabled .Values.portal.enabled) }} - name: portal-tls containerPort: {{ .Values.portal.tls.containerPort }} {{- if .Values.portal.tls.hostPort }} @@ -226,7 +246,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.portalapi.http.enabled }} + {{- if (and .Values.portalapi.http.enabled .Values.portalapi.enabled) }} - name: portalapi containerPort: {{ .Values.portalapi.http.containerPort }} {{- if .Values.portalapi.http.hostPort }} @@ -234,7 +254,7 @@ spec: {{- end}} protocol: TCP {{- end }} - {{- if .Values.portalapi.tls.enabled }} + {{- if (and .Values.portalapi.tls.enabled .Values.portalapi.enabled) }} - name: portalapi-tls containerPort: {{ .Values.portalapi.tls.containerPort }} {{- if .Values.portalapi.tls.hostPort }} 
@@ -242,40 +262,49 @@ spec: {{- end}} protocol: TCP {{- end }} + {{- if (and .Values.clustertelemetry.tls.enabled .Values.clustertelemetry.enabled) }} + - name: clustert-tls + containerPort: {{ .Values.clustertelemetry.tls.containerPort }} + {{- if .Values.clustertelemetry.tls.hostPort }} + hostPort: {{ .Values.clustertelemetry.tls.hostPort }} + {{- end}} + protocol: TCP + {{- end }} {{- end }} volumeMounts: - - name: custom-nginx-template-volume - mountPath: /kong - {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} - - name: kong-custom-dbless-config-volume - mountPath: /kong_dbless/ - {{- end }} + {{- include "kong.volumeMounts" . | nindent 10 }} + {{- include "kong.userDefinedVolumeMounts" .Values.deployment | nindent 10 }} readinessProbe: -{{ toYaml .Values.readinessProbe | indent 10 }} +{{ include "kong.proxy.compatibleReadiness" . | indent 10 }} livenessProbe: {{ toYaml .Values.livenessProbe | indent 10 }} + {{- if .Values.startupProbe }} + startupProbe: +{{ toYaml .Values.startupProbe | indent 10 }} + {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} + {{- end }} {{/* End of Kong container spec */}} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: +{{ toYaml .Values.topologySpreadConstraints | indent 8 }} + {{- end }} + securityContext: + {{- include "kong.podsecuritycontext" . | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} + {{- end }} volumes: - - name: custom-nginx-template-volume - configMap: - name: {{ template "kong.fullname" . 
}}-default-custom-server-blocks -{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }} - - name: kong-custom-dbless-config-volume - configMap: - {{- if .Values.dblessConfig.configMap }} - name: {{ .Values.dblessConfig.configMap }} - {{- else }} - name: {{ template "kong.dblessConfig.fullname" . }} - {{- end }} + {{- include "kong.volumes" . | nindent 8 -}} + {{- include "kong.userDefinedVolumes" . | nindent 8 -}} {{- end }}