Permalink
Fetching contributors…
Cannot retrieve contributors at this time
178 lines (177 sloc) 5.97 KB
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: {{ template "fullname" . }}-apiserver
labels:
app: {{ template "fullname" . }}-apiserver
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
selector:
matchLabels:
app: {{ template "fullname" . }}-apiserver
template:
metadata:
labels:
app: {{ template "fullname" . }}-apiserver
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
releaseRevision: "{{ .Release.Revision }}"
heritage: "{{ .Release.Service }}"
{{ if .Values.apiserver.annotations }}
annotations:
{{ toYaml .Values.apiserver.annotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: "{{ .Values.apiserver.serviceAccount }}"
containers:
- name: apiserver
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
resources:
{{ toYaml .Values.apiserver.resources | indent 10 }}
args:
- apiserver
{{ if .Values.apiserver.audit.activated -}}
- --audit-log-path
- {{ .Values.apiserver.audit.logPath }}
{{- end}}
- --enable-admission-plugins
- "NamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck"
- --secure-port
- "8443"
- --storage-type
- {{ .Values.apiserver.storage.type }}
{{- if eq .Values.apiserver.storage.type "etcd" }}
- --etcd-servers
- {{ .Values.apiserver.storage.etcd.servers }}
{{- end }}
- -v
- "{{ .Values.apiserver.verbosity }}"
{{- if .Values.apiserver.tls.requestHeaderCA }}
- --requestheader-client-ca-file=/var/run/kubernetes-service-catalog/requestheader-ca.crt
{{- end }}
{{- if not .Values.apiserver.auth.enabled }}
- --disable-auth
{{- end }}
- --feature-gates
- OriginatingIdentity={{.Values.originatingIdentityEnabled}}
- --feature-gates
- ServicePlanDefaults={{.Values.servicePlanDefaultsEnabled}}
{{- if .Values.namespacedServiceBrokerDisabled }}
- --feature-gates
- NamespacedServiceBroker=false
{{- end }}
{{- if .Values.apiserver.serveOpenAPISpec }}
- --serve-openapi-spec
{{- end }}
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- --etcd-cafile=/var/run/etcd-client/etcd-client-ca.crt
- --etcd-certfile=/var/run/etcd-client/etcd-client.crt
- --etcd-keyfile=/var/run/etcd-client/etcd-client.key
{{- end }}
ports:
- containerPort: 8443
volumeMounts:
- name: apiserver-cert
mountPath: /var/run/kubernetes-service-catalog
readOnly: true
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- name: etcd-client-cert
mountPath: /var/run/etcd-client
readOnly: true
{{- end }}
{{- if .Values.apiserver.healthcheck.enabled }}
readinessProbe:
httpGet:
port: 8443
path: /healthz
scheme: HTTPS
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
port: 8443
path: /healthz
scheme: HTTPS
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
{{- end }}
{{- if and (eq .Values.apiserver.storage.type "etcd") .Values.apiserver.storage.etcd.useEmbedded }}
- name: etcd
image: {{ .Values.apiserver.storage.etcd.image }}
imagePullPolicy: {{ .Values.apiserver.storage.etcd.imagePullPolicy }}
resources:
{{ toYaml .Values.apiserver.storage.etcd.resources | indent 10 }}
env:
- name: ETCD_DATA_DIR
value: /etcd-data-dir
command:
- /usr/local/bin/etcd
- --listen-client-urls
- http://0.0.0.0:2379
- --advertise-client-urls
- http://localhost:2379
ports:
- containerPort: 2379
volumeMounts:
- name: etcd-data-dir
mountPath: /etcd-data-dir
readinessProbe:
httpGet:
port: 2379
path: /health
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
livenessProbe:
httpGet:
port: 2379
path: /health
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
{{- end }}
{{ if .Values.apiserver.nodeSelector }}
nodeSelector:
{{ .Values.apiserver.nodeSelector }}
{{ end }}
volumes:
- name: apiserver-cert
secret:
secretName: {{ template "fullname" . }}-apiserver-cert
items:
- key: tls.crt
path: apiserver.crt
- key: tls.key
path: apiserver.key
{{- if .Values.apiserver.tls.requestHeaderCA }}
- key: requestheader-ca.crt
path: requestheader-ca.crt
{{- end }}
{{- if and (eq .Values.apiserver.storage.type "etcd") .Values.apiserver.storage.etcd.useEmbedded }}
- name: etcd-data-dir
{{- if .Values.apiserver.storage.etcd.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.apiserver.storage.etcd.persistence.existingClaim | default (printf "%s-%s" (include "fullname" .) "etcd") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.apiserver.storage.etcd.tls.enabled }}
- name: etcd-client-cert
secret:
secretName: {{ .Values.apiserver.storage.etcd.tls.clientCertSecretName }}
{{- end }}