-
Notifications
You must be signed in to change notification settings - Fork 772
/
deployment.yaml
108 lines (106 loc) · 3.6 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
{{- if .Values.kafka.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: mqtrigger-kafka
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
svc: mqtrigger
messagequeue: kafka
spec:
replicas: 1
selector:
matchLabels:
svc: mqtrigger
messagequeue: kafka
template:
metadata:
labels:
svc: mqtrigger
messagequeue: kafka
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
spec:
containers:
- name: mqtrigger
image: {{ include "fission-bundleImage" . | quote }}
imagePullPolicy: {{ .Values.pullPolicy }}
command: ["/fission-bundle"]
args: ["--mqt", "--routerUrl", "http://router.{{ .Release.Namespace }}"]
ports:
- containerPort: 8080
name: metrics
env:
- name: MESSAGE_QUEUE_TYPE
value: kafka
- name: MESSAGE_QUEUE_URL
value: "{{.Values.kafka.brokers}}"
- name: MESSAGE_QUEUE_KAFKA_VERSION
value: "{{.Values.kafka.version}}"
- name: DEBUG_ENV
value: {{ .Values.debugEnv | quote }}
- name: PPROF_ENABLED
value: {{ .Values.pprof.enabled | quote }}
{{- include "fission-resource-namespace.envs" . | indent 8 }}
{{- include "opentelemtry.envs" . | indent 8 }}
# TLS authentication is TLS with authentication (2 way)
# More info: https://docs.confluent.io/current/kafka/authentication_ssl.html#ssl-overview
{{- if .Values.kafka.authentication.tls.enabled }}
- name: TLS_ENABLED
value: "true"
- name: MESSAGE_QUEUE_SECRETS
value: /etc/fission/secrets
- name: INSECURE_SKIP_VERIFY
value: "{{ .Values.kafka.authentication.tls.insecureSkipVerify }}"
volumeMounts:
- name: kafka-secrets
mountPath: /etc/fission/secrets
{{- end }}
{{- if .Values.terminationMessagePath }}
terminationMessagePath: {{ .Values.terminationMessagePath }}
{{- end }}
{{- if .Values.terminationMessagePolicy }}
terminationMessagePolicy: {{ .Values.terminationMessagePolicy }}
{{- end }}
serviceAccountName: fission-kafka
{{- if .Values.kafka.authentication.tls.enabled }}
volumes:
- name: kafka-secrets
secret:
secretName: mqtrigger-kafka-secrets
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
---
{{- if .Values.kafka.authentication.tls.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: mqtrigger-kafka-secrets
labels:
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
data:
{{- if .Files.Get (printf "%s" .Values.kafka.authentication.tls.caCert) }}
caCert: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.caCert) | b64enc }}
{{- else }}
{{ fail "Invalid chart. CA Certificate not found." }}
{{- end }}
{{- if .Files.Get (printf "%s" .Values.kafka.authentication.tls.userCert) }}
userCert: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.userCert) | b64enc }}
{{- else }}
{{ fail "Invalid chart. User Certificate not found." }}
{{- end }}
{{- if .Files.Get (printf "%s" .Values.kafka.authentication.tls.userKey) }}
userKey: {{ .Files.Get (printf "%s" .Values.kafka.authentication.tls.userKey) | b64enc }}
{{- else }}
{{ fail "Invalid chart. User Key not found." }}
{{- end }}
{{- end }}
{{- if .Values.extraCoreComponentPodConfig }}
{{ toYaml .Values.extraCoreComponentPodConfig | indent 6 -}}
{{- end }}
{{- end }}