NO MORE GIT SUBMODULE
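--- a/consul-helm/templates/mesh-gateway-deployment.yaml
+++ b/consul-helm/templates/mesh-gateway-deployment.yaml
@@ -0,0 +1,204 @@
+{{- if .Values.meshGateway.enabled }}
+{{- if not .Values.connectInject.enabled }}{{ fail "connectInject.enabled must be true" }}{{ end -}}
+{{- if not .Values.client.grpc }}{{ fail "client.grpc must be true" }}{{ end -}}
+{{- /* The below test checks if clients are disabled (and if so, fails). We use the conditional from other client files and prepend 'not' */ -}}
+{{- if not (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }}{{ fail "clients must be enabled" }}{{ end -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: {{ template "consul.fullname" . }}-mesh-gateway
+namespace: {{ .Release.Namespace }}
+labels:
+app: {{ template "consul.name" . }}
+chart: {{ template "consul.chart" . }}
+heritage: {{ .Release.Service }}
+release: {{ .Release.Name }}
+component: mesh-gateway
+spec:
+replicas: {{ .Values.meshGateway.replicas }}
+selector:
+matchLabels:
+app: {{ template "consul.name" . }}
+chart: {{ template "consul.chart" . }}
+release: {{ .Release.Name }}
+component: mesh-gateway
+template:
+metadata:
+labels:
+app: {{ template "consul.name" . }}
+chart: {{ template "consul.chart" . }}
+release: {{ .Release.Name }}
+component: mesh-gateway
+annotations:
+"consul.hashicorp.com/connect-inject": "false"
+{{- if .Values.meshGateway.annotations }}
+{{- tpl .Values.meshGateway.annotations . | nindent 8 }}
+{{- end }}
+spec:
+{{- if .Values.meshGateway.affinity }}
+affinity:
+{{ tpl .Values.meshGateway.affinity . | nindent 8 | trim }}
+{{- end }}
+{{- if .Values.meshGateway.tolerations }}
+tolerations:
+{{ tpl .Values.meshGateway.tolerations . | nindent 8 | trim }}
+{{- end }}
+terminationGracePeriodSeconds: 10
+serviceAccountName: {{ template "consul.fullname" . }}-mesh-gateway
+volumes:
+- name: consul-bin
+emptyDir: {}
+{{- if .Values.global.tls.enabled }}
+- name: consul-ca-cert
+secret:
+{{- if .Values.global.tls.caCert.secretName }}
+secretName: {{ .Values.global.tls.caCert.secretName }}
+{{- else }}
+secretName: {{ template "consul.fullname" . }}-ca-cert
+{{- end }}
+items:
+- key: {{ default "tls.crt" .Values.global.tls.caCert.secretKey }}
+path: tls.crt
+{{- end }}
+{{- if .Values.meshGateway.hostNetwork }}
+hostNetwork: {{ .Values.meshGateway.hostNetwork }}
+{{- end }}
+{{- if .Values.meshGateway.dnsPolicy }}
+dnsPolicy: {{ .Values.meshGateway.dnsPolicy }}
+{{- end }}
+initContainers:
+# We use the Envoy image as our base image so we use an init container to
+# copy the Consul binary to a shared directory that can be used when
+# starting Envoy.
+- name: copy-consul-bin
+image: {{ .Values.global.image | quote }}
+command:
+- cp
+- /bin/consul
+- /consul-bin/consul
+volumeMounts:
+- name: consul-bin
+mountPath: /consul-bin
+{{- if .Values.global.bootstrapACLs }}
+# Wait for secret containing acl token to be ready.
+# Doesn't do anything with it but when the main container starts we
+# know that it's been created.
+- name: mesh-gateway-acl-init
+image: {{ .Values.global.imageK8S }}
+command:
+- "/bin/sh"
+- "-ec"
+- |
+consul-k8s acl-init \
+-secret-name="{{ template "consul.fullname" . }}-mesh-gateway-acl-token" \
+-k8s-namespace={{ .Release.Namespace }} \
+-init-type="sync"
+{{- end }}
+containers:
+- name: mesh-gateway
+image: {{ .Values.meshGateway.imageEnvoy | quote }}
+{{- if .Values.meshGateway.resources }}
+resources:
+{{ tpl .Values.meshGateway.resources . | nindent 12 | trim }}
+{{- end }}
+volumeMounts:
+- name: consul-bin
+mountPath: /consul-bin
+{{- if .Values.global.tls.enabled }}
+- name: consul-ca-cert
+mountPath: /consul/tls/ca
+readOnly: true
+{{- end }}
+env:
+- name: HOST_IP
+valueFrom:
+fieldRef:
+fieldPath: status.hostIP
+- name: POD_IP
+valueFrom:
+fieldRef:
+fieldPath: status.podIP
+{{- if .Values.meshGateway.wanAddress.useNodeName }}
+- name: NODE_NAME
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+{{- end }}
+{{- if .Values.global.bootstrapACLs }}
+- name: CONSUL_HTTP_TOKEN
+valueFrom:
+secretKeyRef:
+name: "{{ template "consul.fullname" . }}-mesh-gateway-acl-token"
+key: "token"
+{{- end}}
+{{- if .Values.global.tls.enabled }}
+- name: CONSUL_HTTP_ADDR
+value: https://$(HOST_IP):8501
+- name: CONSUL_GRPC_ADDR
+value: https://$(HOST_IP):8502
+- name: CONSUL_CACERT
+value: /consul/tls/ca/tls.crt
+{{- else }}
+- name: CONSUL_HTTP_ADDR
+value: http://$(HOST_IP):8500
+- name: CONSUL_GRPC_ADDR
+value: $(HOST_IP):8502
+{{- end }}
+command:
+# /bin/sh -c is needed so we can use the pod-specific environment
+# variables.
+- "/bin/sh"
+- "-ec"
+- |
+exec /consul-bin/consul connect envoy \
+-mesh-gateway \
+-register \
+-address="${POD_IP}:{{ .Values.meshGateway.containerPort }}" \
+{{- if .Values.meshGateway.wanAddress.host }}
+-wan-address="{{ .Values.meshGateway.wanAddress.host }}:{{ .Values.meshGateway.wanAddress.port }}" \
+{{- else if .Values.meshGateway.wanAddress.useNodeName }}
+-wan-address="${NODE_NAME}:{{ .Values.meshGateway.wanAddress.port }}" \
+{{- else if .Values.meshGateway.wanAddress.useNodeIP }}
+-wan-address="${HOST_IP}:{{ .Values.meshGateway.wanAddress.port }}" \
+{{- end }}
+{{- if and .Values.meshGateway.consulServiceName }}
+{{- if and .Values.global.bootstrapACLs (ne .Values.meshGateway.consulServiceName "mesh-gateway") }}{{ fail "if global.bootstrapACLs is true, meshGateway.consulServiceName cannot be set" }}{{ end }}
+-service={{ .Values.meshGateway.consulServiceName | quote }} \
+{{- end }}
+{{- if .Values.meshGateway.enableHealthChecks }}
+livenessProbe:
+tcpSocket:
+port: {{ .Values.meshGateway.containerPort }}
+failureThreshold: 3
+initialDelaySeconds: 30
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+readinessProbe:
+tcpSocket:
+port: {{ .Values.meshGateway.containerPort }}
+failureThreshold: 3
+initialDelaySeconds: 10
+periodSeconds: 10
+successThreshold: 1
+timeoutSeconds: 5
+{{- end }}
+ports:
+- name: gateway
+containerPort: {{ .Values.meshGateway.containerPort }}
+{{- if .Values.meshGateway.hostPort }}
+hostPort: {{ .Values.meshGateway.hostPort }}
+{{- end }}
+lifecycle:
+preStop:
+exec:
+command: ["/bin/sh", "-ec", "/consul-bin/consul services deregister -id=\"{{ default "mesh-gateway" .Values.meshGateway.consulServiceName }}\""]
+
+{{- if .Values.meshGateway.priorityClassName }}
+priorityClassName: {{ .Values.meshGateway.priorityClassName | quote }}
+{{- end }}
+{{- if .Values.meshGateway.nodeSelector }}
+nodeSelector:
+{{ tpl .Values.meshGateway.nodeSelector . | indent 8 | trim }}
+{{- end }}
+{{- end }}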
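Review bot: The chart values `meshGateway.wanAddress.host` and `meshGateway.consulServiceName` are rendered directly into `/bin/sh -ec` scripts (the `-wan-address=` and `-service=` arguments of the `mesh-gateway` command and the `-id=` argument of the `preStop` hook), so the shell in the gateway container interprets any metacharacters in them rather than treating them as data. The `| quote` on `-service=` gives Go/YAML string quoting, which does not stop `$` or backtick expansion inside shell double quotes, and a double quote in `consulServiceName` would also terminate the YAML string on the `preStop` line. Passing these values through the container `env:` list keeps them out of the script text, for example a constructed entry `- name: WAN_ADDRESS_HOST` with `value: {{ .Values.meshGateway.wanAddress.host | quote }}`, referenced as `-wan-address="${WAN_ADDRESS_HOST}:…"`. Separately, neither the pod spec nor any of the three containers sets a `securityContext`, although `hostNetwork` and `hostPort` can be enabled; `allowPrivilegeEscalation: false` and dropping all capabilities would be worth adding, provided the Envoy image and the chosen `containerPort` allow it.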