-
Notifications
You must be signed in to change notification settings - Fork 406
/
deployment.yaml
147 lines (147 loc) · 7.26 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "controller.fullname" . }}
labels: {{- include "controller.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels: {{- include "controller.selectorLabels" . | nindent 6 }}
strategy:
type: RollingUpdate
template:
metadata:
labels: {{- include "controller.selectorLabels" . | nindent 8 }}
annotations:
traffic.sidecar.istio.io/excludeInboundPorts: {{ .Values.webhook.targetPort | quote }}
spec:
serviceAccountName: {{ include "controller.fullname" . }}
terminationGracePeriodSeconds: 10
securityContext: {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
containers:
- image: "{{include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.eventing_controller) }}"
imagePullPolicy: "{{ .Values.global.images.eventing_controller.pullPolicy }}"
name: controller
env:
- name: NATS_URL
value: {{ include "controller.natsServer.url" . }}
- name: EVENT_TYPE_PREFIX
valueFrom:
configMapKeyRef:
name: {{ .Values.global.configMap.name }}
key: {{ .Values.global.configMap.keys.eventTypePrefix }}
- name: DOMAIN
value: {{ .Values.global.domainName }}
- name: WEBHOOK_TOKEN_ENDPOINT
value: https://oauth2.{{ .Values.global.domainName }}/oauth2/token
- name: PUBLISHER_REQUESTS_CPU
value: {{ .Values.publisherProxy.resources.requests.cpu }}
- name: PUBLISHER_REQUESTS_MEMORY
value: {{ .Values.publisherProxy.resources.requests.memory }}
- name: PUBLISHER_LIMITS_CPU
value: {{ .Values.publisherProxy.resources.limits.cpu }}
- name: PUBLISHER_LIMITS_MEMORY
value: {{ .Values.publisherProxy.resources.limits.memory }}
- name: PUBLISHER_IMAGE
value: "{{include "imageurl" (dict "reg" .Values.global.containerRegistry "img" .Values.global.images.publisher_proxy) }}"
- name: PUBLISHER_IMAGE_PULL_POLICY
value: "{{ .Values.publisherProxy.image.pullPolicy }}"
- name: PUBLISHER_REPLICAS
value: "{{ .Values.publisherProxy.replicas }}"
- name: PUBLISHER_REQUEST_TIMEOUT
value: "{{ .Values.publisherProxy.requestTimeout }}"
{{- if .Values.global.priorityClassName }}
- name: PUBLISHER_PRIORITY_CLASS_NAME
value: "{{ .Values.global.priorityClassName }}"
{{- end }}
- name: DEFAULT_MAX_IN_FLIGHT_MESSAGES
value: "{{ .Values.eventingBackend.defaultMaxInflightMessages }}"
- name: DEFAULT_DISPATCHER_RETRY_PERIOD
value: "{{ .Values.eventingBackend.defaultDispatcherRetryPeriod }}"
- name: DEFAULT_DISPATCHER_MAX_RETRIES
value: "{{ .Values.eventingBackend.defaultDispatcherMaxRetries }}"
- name: APP_LOG_FORMAT
value: {{ .Values.global.log.format | quote }}
- name: APP_LOG_LEVEL
value: {{ .Values.global.log.level | quote }}
- name: JS_STREAM_NAME
value: {{ .Values.jetstream.streamName | quote }}
- name: JS_STREAM_SUBJECT_PREFIX
value: {{ .Values.jetstream.streamSubjectPrefix | quote }}
- name: JS_STREAM_STORAGE_TYPE
value: {{ .Values.global.jetstream.storage | quote }}
- name: JS_STREAM_REPLICAS
value: {{ .Values.jetstream.streamReplicas | quote }}
- name: JS_STREAM_DISCARD_POLICY
value: {{ .Values.global.jetstream.discardPolicy | quote }}
- name: JS_STREAM_RETENTION_POLICY
value: {{ .Values.jetstream.retentionPolicy | quote }}
- name: JS_CONSUMER_DELIVER_POLICY
value: {{ .Values.jetstream.consumerDeliverPolicy | quote }}
- name: JS_STREAM_MAX_MSGS
value: {{ .Values.jetstream.maxMessages | quote }}
- name: JS_STREAM_MAX_BYTES
value: {{ .Values.global.jetstream.maxBytes | quote }}
- name: WEBHOOK_SECRET_NAME
value: {{ .Values.webhook.secretName | quote }}
- name: MUTATING_WEBHOOK_NAME
value: {{ .Values.webhook.mutating.name | quote }}
- name: VALIDATING_WEBHOOK_NAME
value: {{ .Values.webhook.validating.name | quote }}
- name: EVENTING_WEBHOOK_AUTH_ENABLED
value: {{ .Values.eventingWebhookAuth.enabled | quote }}
- name: EVENTING_WEBHOOK_AUTH_SECRET_NAME
value: {{ .Values.eventingWebhookAuth.secret.name | quote }}
- name: EVENTING_WEBHOOK_AUTH_SECRET_NAMESPACE
value: {{ .Values.eventingWebhookAuth.secret.namespace | quote }}
- name: NATS_PROVISIONING_ENABLED
value: {{ .Values.global.jetstream.enabled | quote }}
resources:
requests:
cpu: {{ .Values.resources.requests.cpu }}
memory: {{ .Values.resources.requests.memory }}
limits:
cpu: {{ .Values.resources.limits.cpu }}
memory: {{ .Values.resources.limits.memory }}
livenessProbe:
failureThreshold: {{ .Values.healthProbe.liveness.failureThreshold }}
httpGet:
path: {{ .Values.healthProbe.liveness.service.path }}
port: {{ .Values.healthProbe.port }}
scheme: {{ .Values.healthProbe.scheme }}
initialDelaySeconds: {{ .Values.healthProbe.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.healthProbe.liveness.periodSeconds }}
successThreshold: {{ .Values.healthProbe.liveness.successThreshold }}
timeoutSeconds: {{ .Values.healthProbe.liveness.timeoutSeconds }}
readinessProbe:
failureThreshold: {{ .Values.healthProbe.readiness.failureThreshold }}
httpGet:
path: {{ .Values.healthProbe.readiness.service.path }}
port: {{ .Values.healthProbe.port }}
scheme: {{ .Values.healthProbe.scheme }}
initialDelaySeconds: {{ .Values.healthProbe.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.healthProbe.readiness.periodSeconds }}
successThreshold: {{ .Values.healthProbe.readiness.successThreshold }}
timeoutSeconds: {{ .Values.healthProbe.readiness.timeoutSeconds }}
{{- if .Values.global.containerSecurityContext }}
securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.metrics.config.port }}
name: {{ .Values.global.ports.namePrefix }}{{ .Values.metrics.config.portName }}
protocol: TCP
- containerPort: {{ .Values.webhook.targetPort }}
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: {{ .Values.webhook.secretName }}
{{- if .Values.global.priorityClassName }}
priorityClassName: {{ .Values.global.priorityClassName }}
{{- end }}