X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Ftemplates%2Fdeployment.yaml;h=de07aa738c4ce88f9acf193ee218bbb757ba82d2;hb=7a43fbd4642448783aaf708d07ca883bf9bc5afd;hp=9bcbab076b45229f3c9bf4c22da6428af8346a31;hpb=282e7af25ec053ae6d1c5a399c91c2c323f705cd;p=ric-plt%2Fric-dep.git
diff --git a/helm/infrastructure/subcharts/kong/templates/deployment.yaml b/helm/infrastructure/subcharts/kong/templates/deployment.yaml
index 9bcbab0..de07aa7 100755
--- a/helm/infrastructure/subcharts/kong/templates/deployment.yaml
+++ b/helm/infrastructure/subcharts/kong/templates/deployment.yaml
@@ -1,20 +1,15 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- name: "{{ template "kong.fullname" . }}"
+ name: {{ template "kong.fullname" . }}
 labels:
- app: "{{ template "kong.name" . }}"
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- component: app
+ {{- include "kong.metaLabels" . | nindent 4 }}
+ app.kubernetes.io/component: app
 spec:
 replicas: {{ .Values.replicaCount }}
 selector:
 matchLabels:
- app: {{ template "kong.name" . }}
- release: {{ .Release.Name }}
- component: app
+ {{- include "kong.selectorLabels" . | nindent 6 }}
 {{- if .Values.updateStrategy }}
 strategy:
 {{ toYaml .Values.updateStrategy | indent 4 }}
@@ -23,6 +18,9 @@ spec:
 template:
 metadata:
 annotations:
+ {{- if .Values.ingressController.admissionWebhook.enabled }}
+ checksum/admission-webhook.yaml: {{ include (print $.Template.BasePath "/admission-webhook.yaml") . | sha256sum }}
+ {{- end }}
 {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }}
 {{- if .Values.dblessConfig.config }}
 checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }}
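Review bot: In the first hunk (`@@ -1,20 +1,15 @@`) `spec.selector.matchLabels` is now rendered from `kong.selectorLabels` instead of the literal `app` / `release` / `component` keys, and the selector of an apps/v1 Deployment is immutable, so an in-place `helm upgrade` of an existing release is rejected unless the helper produces exactly the old three labels. The helper is not part of this diff, so this needs confirming against its definition. If the keys did change, the chart's upgrade notes should say that the existing Deployment has to be deleted and recreated, and a template comment such as `{{- /* selector labels are immutable once deployed; do not change kong.selectorLabels without an upgrade note */ -}}` above the include would keep the constraint visible.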
@@ -32,11 +30,10 @@ spec:
 {{ toYaml .Values.podAnnotations | indent 8 }}
 {{- end }}
 labels:
- app: {{ template "kong.name" . }}
- release: {{ .Release.Name }}
- component: app
+ {{- include "kong.metaLabels" . | nindent 8 }}
+ app.kubernetes.io/component: app
 spec:
- {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ {{- if or .Values.ingressController.enabled .Values.podSecurityPolicy.enabled }}
 serviceAccountName: {{ template "kong.serviceAccountName" . }}
 {{ end }}
 {{- if .Values.image.pullSecrets }}
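Review bot: `serviceAccountName` is emitted only inside the new `{{- if or .Values.ingressController.enabled .Values.podSecurityPolicy.enabled }}` guard, so with both flags off the pod runs under the namespace's default service account and, unless disabled elsewhere, still gets an API token mounted that nothing in a controller-less pod appears to need. Consider replacing the closing `{{ end }}` with an `{{- else }}` branch that sets `automountServiceAccountToken: false`, followed by `{{- end }}`. The guard also dereferences `.Values.podSecurityPolicy.enabled`, which renders only if `podSecurityPolicy` is defined in values.yaml; that file is not in this diff. The pod spec continues outside the hunk.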
@@ -50,123 +47,18 @@ spec:
 {{- include "kong.wait-for-db" . | nindent 6 }}
 {{ end }}
 containers:
- {{- if (and (.Values.ingressController.enabled) (eq .Values.env.database "off")) }}
+ {{- if .Values.ingressController.enabled }}
 {{- include "kong.controller-container" . | nindent 6 }}
 {{ end }}
- - name: {{ template "kong.name" . }}
+ - name: "proxy"
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 env:
- {{- if not .Values.env.admin_listen }}
- {{- if .Values.admin.useTLS }}
- - name: KONG_ADMIN_LISTEN
- value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl"
- {{- else }}
- - name: KONG_ADMIN_LISTEN
- value: 0.0.0.0:{{ .Values.admin.containerPort }}
- {{- end }}
- {{- end }}
- {{- if not .Values.env.proxy_listen }}
- - name: KONG_PROXY_LISTEN
- value: {{ template "kong.kongProxyListenValue" . }}
- {{- end }}
- {{- if and (not .Values.env.admin_gui_listen) (.Values.enterprise.enabled) }}
- - name: KONG_ADMIN_GUI_LISTEN
- value: {{ template "kong.kongManagerListenValue" . }}
- {{- end }}
- {{- if and (not .Values.env.portal_gui_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }}
- - name: KONG_PORTAL_GUI_LISTEN
- value: {{ template "kong.kongPortalListenValue" . }}
- {{- end }}
- {{- if and (not .Values.env.portal_api_listen) (.Values.enterprise.enabled) (.Values.enterprise.portal.enabled) }}
- - name: KONG_PORTAL_API_LISTEN
- value: {{ template "kong.kongPortalApiListenValue" . }}
- {{- end }}
- - name: KONG_NGINX_DAEMON
- value: "off"
- {{- if .Values.enterprise.enabled }}
- {{- if .Values.enterprise.vitals.enabled }}
- - name: KONG_VITALS
- value: "on"
- {{- end }}
- {{- if .Values.enterprise.portal.enabled }}
- - name: KONG_PORTAL
- value: "on"
- {{- if .Values.enterprise.portal.portal_auth }}
- - name: KONG_PORTAL_AUTH
- value: {{ .Values.enterprise.portal.portal_auth }}
- - name: KONG_PORTAL_SESSION_CONF
- valueFrom:
- secretKeyRef:
- name: {{ .Values.enterprise.portal.session_conf_secret }}
- key: portal_session_conf
- {{- end }}
- {{- end }}
- {{- if .Values.enterprise.rbac.enabled }}
- - name: KONG_ENFORCE_RBAC
- value: "on"
- - name: KONG_ADMIN_GUI_AUTH
- value: {{ .Values.enterprise.rbac.admin_gui_auth | default "basic-auth" }}
- - name: KONG_ADMIN_GUI_AUTH_CONF
- value: '{{ toJson .Values.enterprise.rbac.admin_gui_auth_conf }}'
- - name: KONG_ADMIN_GUI_SESSION_CONF
- valueFrom:
- secretKeyRef:
- name: {{ .Values.enterprise.rbac.session_conf_secret }}
- key: admin_gui_session_conf
- {{- end }}
- {{- if .Values.enterprise.smtp.enabled }}
- - name: KONG_PORTAL_EMAILS_FROM
- value: {{ .Values.enterprise.smtp.portal_emails_from }}
- - name: KONG_PORTAL_EMAILS_REPLY_TO
- value: {{ .Values.enterprise.smtp.portal_emails_reply_to }}
- - name: KONG_ADMIN_EMAILS_FROM
- value: {{ .Values.enterprise.smtp.admin_emails_from }}
- - name: KONG_ADMIN_EMAILS_REPLY_TO
- value: {{ .Values.enterprise.smtp.admin_emails_reply_to }}
- - name: KONG_SMTP_HOST
- value: {{ .Values.enterprise.smtp.smtp_host }}
- - name: KONG_SMTP_PORT
- value: {{ .Values.enterprise.smtp.smtp_port }}
- - name: KONG_SMTP_STARTTLS
- value: {{ .Values.enterprise.smtp.smtp_starttls }}
- {{- if .Values.enterprise.smtp.auth.smtp_username }}
- - name: KONG_SMTP_USERNAME
- value: {{ .Values.enterprise.smtp.auth.smtp_username }}
- - name: KONG_SMTP_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Values.enterprise.smtp.auth.smtp_password }}
- key: smtp_password
- {{- end }}
- {{- else }}
- - name: KONG_SMTP_MOCK
- value: "on"
- {{- end }}
- {{- include "kong.license" . | nindent 8 }}
- {{- end }}
- - name: KONG_NGINX_HTTP_INCLUDE
- value: /kong/servers.conf
- {{- if .Values.postgresql.enabled }}
- - name: KONG_PG_HOST
- value: {{ template "kong.postgresql.fullname" . }}
- - name: KONG_PG_PORT
- value: "{{ .Values.postgresql.service.port }}"
- - name: KONG_PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "kong.postgresql.fullname" . }}
- key: postgresql-password
- {{- end }}
- {{- if .Values.cassandra.enabled }}
- - name: KONG_CASSANDRA_CONTACT_POINTS
- value: {{ template "kong.cassandra.fullname" . }}
- {{- end }}
- {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
- - name: KONG_DECLARATIVE_CONFIG
- value: "/kong_dbless/kong.yml"
- {{- end }}
- {{- include "kong.env" . | indent 8 }}
+ {{- include "kong.final_env" . | nindent 8 }}
+ lifecycle:
+ preStop:
+ exec:
+ command: [ "/bin/sh", "-c", "kong quit" ]
 ports:
 - name: admin
 containerPort: {{ .Values.admin.containerPort }}
@@ -193,6 +85,11 @@ spec:
 - name: metrics
 containerPort: 9542
 protocol: TCP
+ {{- if .Values.ingressController.admissionWebhook.enabled }}
+ - name: webhook
+ containerPort: {{ .Values.ingressController.admissionWebhook.port }}
+ protocol: TCP
+ {{- end }}
 {{- if .Values.enterprise.enabled }}
 {{- if .Values.manager.http.enabled }}
 - name: manager
@@ -244,12 +141,7 @@ spec:
 {{- end }}
 {{- end }}
 volumeMounts:
- - name: custom-nginx-template-volume
- mountPath: /kong
- {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
- - name: kong-custom-dbless-config-volume
- mountPath: /kong_dbless/
- {{- end }}
+ {{- include "kong.volumeMounts" . | nindent 10 }}
 readinessProbe:
 {{ toYaml .Values.readinessProbe | indent 10 }}
 livenessProbe:
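Review bot: After the `@@ -50,123 +47,18 @@` hunk the proxy container's entire environment comes from `{{- include "kong.final_env" . | nindent 8 }}`, so this template no longer shows how the admin API is bound or where credentials come from, while the `admin` containerPort is still declared in the context lines. The removed block defaulted `KONG_ADMIN_LISTEN` to `0.0.0.0` (with `ssl` only under `admin.useTLS`) and passed `KONG_PG_PASSWORD`, `KONG_SMTP_PASSWORD` and the two session confs through `secretKeyRef`; the helper is outside this diff, so it should be confirmed that it keeps the `secretKeyRef` form rather than inlining those values into the pod spec. I would add a template comment above the include, e.g. `{{- /* kong.final_env renders all KONG_* variables; credentials must be emitted as secretKeyRef, never as literal values */ -}}`. The rename to `- name: "proxy"` also changes the container name that log selectors or `kubectl exec -c` invocations may rely on, which deserves a line in the upgrade notes.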
@@ -260,6 +152,8 @@ spec:
 affinity:
 {{ toYaml .Values.affinity | indent 8 }}
 {{- end }}
+ securityContext:
+ {{- include "kong.podsecuritycontext" . | nindent 8 }}
 {{- if .Values.nodeSelector }}
 nodeSelector:
 {{ toYaml .Values.nodeSelector | indent 8 }}
@@ -267,15 +161,4 @@ spec:
 tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
 volumes:
- - name: custom-nginx-template-volume
- configMap:
- name: {{ template "kong.fullname" . }}-default-custom-server-blocks
-{{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off")) }}
- - name: kong-custom-dbless-config-volume
- configMap:
- {{- if .Values.dblessConfig.configMap }}
- name: {{ .Values.dblessConfig.configMap }}
- {{- else }}
- name: {{ template "kong.dblessConfig.fullname" . }}
- {{- end }}
-{{- end }}
+ {{- include "kong.volumes" . | nindent 8 -}}
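Review bot: The `securityContext:` added in `@@ -260,6 +152,8 @@` sits at pod level, so it can carry only pod-scoped settings; `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `capabilities` are container-level fields, and no hunk in this diff adds a `securityContext` to the `proxy` container (its full spec is not visible here, so unchanged lines may already cover it). If they do not, the container should get its own block with at least `allowPrivilegeEscalation: false`. The key is also emitted unconditionally, unlike the neighbouring `nodeSelector` block: if `kong.podsecuritycontext` renders nothing the manifest contains a bare `securityContext:`, so the helper should default to `{}` or the key should be wrapped in a guard.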