mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-14 18:34:31 -05:00
968cdc1a38
* cli: move internal packages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: fix buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bazel: fix exclude dir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: move back libraries that will not be used by TF provider Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
130 lines
4.7 KiB
YAML
130 lines
4.7 KiB
YAML
{{- if and .Values.authentication.mutual.spire.enabled .Values.authentication.mutual.spire.install.enabled -}}
|
|
apiVersion: apps/v1
|
|
kind: StatefulSet
|
|
metadata:
|
|
name: spire-server
|
|
namespace: {{ .Values.authentication.mutual.spire.install.namespace }}
|
|
{{- if or .Values.authentication.mutual.spire.install.server.annotations .Values.authentication.mutual.spire.annotations }}
|
|
annotations:
|
|
{{- with .Values.authentication.mutual.spire.annotations }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
{{- with .Values.authentication.mutual.spire.install.server.annotations }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
labels:
|
|
app: spire-server
|
|
{{- with .Values.authentication.mutual.spire.install.server.labels }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: spire-server
|
|
serviceName: spire-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: spire-server
|
|
{{- with .Values.authentication.mutual.spire.install.server.labels }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
serviceAccountName: {{ .Values.authentication.mutual.spire.install.server.serviceAccount.name }}
|
|
shareProcessNamespace: true
|
|
{{- with .Values.authentication.mutual.spire.install.server.podSecurityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if gt (len .Values.authentication.mutual.spire.install.server.initContainers) 0 }}
|
|
initContainers:
|
|
{{- toYaml .Values.authentication.mutual.spire.install.server.initContainers | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: cilium-init
|
|
image: {{ include "cilium.image" .Values.authentication.mutual.spire.install.initImage | quote }}
|
|
imagePullPolicy: {{ .Values.authentication.mutual.spire.install.initImage.pullPolicy }}
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
{{- tpl (.Files.Get "files/spire/init.bash") . | nindent 12 }}
|
|
- name: spire-server
|
|
{{- if eq (typeOf .Values.authentication.mutual.spire.install.server.image) "string" }}
|
|
image: {{ .Values.authentication.mutual.spire.install.server.image }}
|
|
{{- else }}
|
|
image: {{ include "cilium.image" .Values.authentication.mutual.spire.install.server.image | quote }}
|
|
imagePullPolicy: {{ .Values.authentication.mutual.spire.install.server.image.pullPolicy }}
|
|
{{- end }}
|
|
args:
|
|
- -config
|
|
- /run/spire/config/server.conf
|
|
ports:
|
|
- name: grpc
|
|
containerPort: 8081
|
|
volumeMounts:
|
|
- name: spire-config
|
|
mountPath: /run/spire/config
|
|
readOnly: true
|
|
{{- if .Values.authentication.mutual.spire.install.server.dataStorage.enabled }}
|
|
- name: spire-data
|
|
mountPath: /run/spire/data
|
|
readOnly: false
|
|
{{- end }}
|
|
- name: spire-server-socket
|
|
mountPath: /tmp/spire-server/private
|
|
readOnly: false
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /live
|
|
port: 8080
|
|
failureThreshold: 2
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 60
|
|
timeoutSeconds: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /ready
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
{{- with .Values.authentication.mutual.spire.install.server.securityContext }}
|
|
securityContext:
|
|
{{- toYaml . | nindent 10 }}
|
|
{{- end }}
|
|
{{- with .Values.authentication.mutual.spire.install.server.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.authentication.mutual.spire.install.server.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.authentication.mutual.spire.install.server.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | trim | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
- name: spire-config
|
|
configMap:
|
|
name: spire-server
|
|
- name: spire-server-socket
|
|
hostPath:
|
|
path: /var/run/spire-server/sockets
|
|
type: DirectoryOrCreate
|
|
{{- if .Values.authentication.mutual.spire.install.server.dataStorage.enabled }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: spire-data
|
|
spec:
|
|
accessModes:
|
|
- {{ .Values.authentication.mutual.spire.install.server.dataStorage.accessMode | default "ReadWriteOnce" }}
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.authentication.mutual.spire.install.server.dataStorage.size }}
|
|
storageClassName: {{ .Values.authentication.mutual.spire.install.server.dataStorage.storageClass }}
|
|
{{- end }}
|
|
{{- end }}
|