beppe/cicdTest
1
0
Fork 0
mirror of https://github.com/bvanroll/cicdTest.git synced 2025-08-29 12:02:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

helm consul toegevoegd ma nie als submodule?

Browse Source
This commit is contained in:
Beppe Vanrolleghem
2020-03-09 12:27:10 +01:00
parent 31368e50b2
commit 3432492589
157 changed files with 14508 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
consul-helm/templates/sync-catalog-deployment.yaml Normal file
View File

@@ -0,0 +1,185 @@
# The deployment for running the sync-catalog pod
{{- if (or (and (ne (.Values.syncCatalog.enabled | toString) "-") .Values.syncCatalog.enabled) (and (eq (.Values.syncCatalog.enabled | toString) "-") .Values.global.enabled)) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "consul.fullname" . }}-sync-catalog
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: sync-catalog
template:
metadata:
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
release: {{ .Release.Name }}
component: sync-catalog
annotations:
"consul.hashicorp.com/connect-inject": "false"
spec:
serviceAccountName: {{ template "consul.fullname" . }}-sync-catalog
{{- if .Values.global.tls.enabled }}
volumes:
- name: consul-ca-cert
secret:
{{- if .Values.global.tls.caCert.secretName }}
secretName: {{ .Values.global.tls.caCert.secretName }}
{{- else }}
secretName: {{ template "consul.fullname" . }}-ca-cert
{{- end }}
items:
- key: {{ default "tls.crt" .Values.global.tls.caCert.secretKey }}
path: tls.crt
{{- end }}
containers:
- name: consul-sync-catalog
image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if (and .Values.syncCatalog.aclSyncToken.secretName .Values.syncCatalog.aclSyncToken.secretKey) }}
- name: CONSUL_HTTP_TOKEN
valueFrom:
secretKeyRef:
name: {{ .Values.syncCatalog.aclSyncToken.secretName }}
key: {{ .Values.syncCatalog.aclSyncToken.secretKey }}
{{- end }}
{{- if .Values.global.bootstrapACLs }}
- name: CONSUL_HTTP_TOKEN
valueFrom:
secretKeyRef:
name: "{{ template "consul.fullname" . }}-catalog-sync-acl-token"
key: "token"
{{- end}}
{{- if .Values.global.tls.enabled }}
- name: CONSUL_HTTP_ADDR
value: https://$(HOST_IP):8501
- name: CONSUL_CACERT
value: /consul/tls/ca/tls.crt
{{- else }}
- name: CONSUL_HTTP_ADDR
value: http://$(HOST_IP):8500
{{- end }}
{{- if .Values.global.tls.enabled }}
volumeMounts:
- name: consul-ca-cert
mountPath: /consul/tls/ca
readOnly: true
{{- end }}
command:
- "/bin/sh"
- "-ec"
- |
consul-k8s sync-catalog \
-k8s-default-sync={{ .Values.syncCatalog.default }} \
{{- if (not .Values.syncCatalog.toConsul) }}
-to-consul=false \
{{- end }}
{{- if (not .Values.syncCatalog.toK8S) }}
-to-k8s=false \
{{- end }}
-consul-domain={{ .Values.global.domain }} \
{{- if .Values.syncCatalog.k8sPrefix }}
-k8s-service-prefix="{{ .Values.syncCatalog.k8sPrefix}}" \
{{- end }}
{{- if .Values.syncCatalog.k8sSourceNamespace }}
-k8s-source-namespace="{{ .Values.syncCatalog.k8sSourceNamespace}}" \
{{- end }}
{{- range $value := .Values.syncCatalog.k8sAllowNamespaces }}
-allow-k8s-namespace="{{ $value }}" \
{{- end }}
{{- range $value := .Values.syncCatalog.k8sDenyNamespaces }}
-deny-k8s-namespace="{{ $value }}" \
{{- end }}
-k8s-write-namespace=${NAMESPACE} \
{{- if (not .Values.syncCatalog.syncClusterIPServices) }}
-sync-clusterip-services=false \
{{- end }}
{{- if .Values.syncCatalog.nodePortSyncType }}
-node-port-sync-type={{ .Values.syncCatalog.nodePortSyncType }} \
{{- end }}
{{- if .Values.syncCatalog.consulWriteInterval }}
-consul-write-interval={{ .Values.syncCatalog.consulWriteInterval }} \
{{- end }}
{{- if .Values.syncCatalog.logLevel }}
-log-level={{ .Values.syncCatalog.logLevel }} \
{{- end }}
{{- if .Values.syncCatalog.k8sTag }}
-consul-k8s-tag={{ .Values.syncCatalog.k8sTag }} \
{{- end }}
{{- if .Values.syncCatalog.consulPrefix}}
-consul-service-prefix="{{ .Values.syncCatalog.consulPrefix}}" \
{{- end}}
{{- if .Values.syncCatalog.addK8SNamespaceSuffix}}
-add-k8s-namespace-suffix \
{{- end}}
{{- if .Values.global.enableConsulNamespaces }}
-enable-namespaces=true \
{{- if .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }}
-consul-destination-namespace={{ .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }} \
{{- end }}
{{- if .Values.syncCatalog.consulNamespaces.mirroringK8S }}
-enable-k8s-namespace-mirroring=true \
{{- if .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }}
-k8s-namespace-mirroring-prefix={{ .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }} \
{{- end }}
{{- end }}
{{- if .Values.global.bootstrapACLs }}
-consul-cross-namespace-acl-policy=cross-namespace-policy \
{{- end }}
{{- end }}
livenessProbe:
httpGet:
path: /health/ready
port: 8080
scheme: HTTP
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /health/ready
port: 8080
scheme: HTTP
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
{{- if .Values.global.bootstrapACLs }}
initContainers:
- name: sync-acl-init
image: {{ .Values.global.imageK8S }}
command:
- "/bin/sh"
- "-ec"
- |
consul-k8s acl-init \
-secret-name="{{ template "consul.fullname" . }}-catalog-sync-acl-token" \
-k8s-namespace={{ .Release.Namespace }} \
-init-type="sync"
{{- end }}
{{- if .Values.syncCatalog.nodeSelector }}
nodeSelector:
{{ tpl .Values.syncCatalog.nodeSelector . | indent 8 | trim }}
{{- end }}
{{- end }}