Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
d43242a55f
constellation/cli/internal/helm/charts/cilium/templates/hubble-relay/deployment.yaml
3u13r 9478303f80 deploy cilium via helmchart (#321)
2022-08-12 10:20:19 +02:00

147 lines
4.7 KiB
YAML
Raw Blame History

{{- if and .Values.hubble.enabled .Values.hubble.relay.enabled }}
{{- $mountSocket := not .Values.hubble.peerService.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: hubble-relay
namespace: {{ .Release.Namespace }}
labels:
k8s-app: hubble-relay
spec:
replicas: {{ .Values.hubble.relay.replicas }}
selector:
matchLabels:
k8s-app: hubble-relay
{{- with .Values.hubble.relay.updateStrategy }}
strategy:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if .Values.hubble.relay.rollOutPods }}
# ensure pods roll when configmap updates
cilium.io/hubble-relay-configmap-checksum: {{ include (print $.Template.BasePath "/hubble-relay/configmap.yaml") . | sha256sum | quote }}
{{- end }}
{{- with .Values.hubble.relay.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
k8s-app: hubble-relay
{{- with .Values.hubble.relay.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.hubble.relay.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: hubble-relay
image: {{ include "cilium.image" .Values.hubble.relay.image | quote }}
imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}
command:
- hubble-relay
args:
- serve
{{- if .Values.debug.enabled }}
- --debug
{{- end }}
ports:
- name: grpc
containerPort: {{ .Values.hubble.relay.listenPort }}
{{- if .Values.hubble.relay.prometheus.enabled }}
- name: prometheus
containerPort: {{ .Values.hubble.relay.prometheus.port }}
protocol: TCP
{{- end }}
readinessProbe:
tcpSocket:
port: grpc
livenessProbe:
tcpSocket:
port: grpc
{{- with .Values.hubble.relay.extraEnv }}
env:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
{{- with .Values.hubble.relay.resources }}
resources:
{{- toYaml . | trim | nindent 12 }}
{{- end }}
volumeMounts:
{{- if $mountSocket }}
- name: hubble-sock-dir
mountPath: {{ dir .Values.hubble.socketPath }}
readOnly: true
{{- end }}
- name: config
mountPath: /etc/hubble-relay
readOnly: true
{{- if .Values.hubble.tls.enabled }}
- name: tls
mountPath: /var/lib/hubble-relay/tls
readOnly: true
{{- end }}
restartPolicy: Always
priorityClassName: {{ .Values.hubble.relay.priorityClassName }}
serviceAccount: {{ .Values.serviceAccounts.relay.name | quote }}
serviceAccountName: {{ .Values.serviceAccounts.relay.name | quote }}
automountServiceAccountToken: false
terminationGracePeriodSeconds: {{ .Values.hubble.relay.terminationGracePeriodSeconds }}
{{- with .Values.hubble.relay.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.hubble.relay.nodeSelector }}
nodeSelector:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
{{- with .Values.hubble.relay.tolerations }}
tolerations:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
name: hubble-relay-config
items:
- key: config.yaml
path: config.yaml
{{- if $mountSocket }}
- name: hubble-sock-dir
hostPath:
path: {{ dir .Values.hubble.socketPath }}
type: Directory
{{- end }}
{{- if .Values.hubble.tls.enabled }}
- name: tls
projected:
# note: the leading zero means this number is in octal representation: do not remove it
defaultMode: 0400
sources:
- secret:
name: hubble-relay-client-certs
items:
- key: ca.crt
path: hubble-server-ca.crt
- key: tls.crt
path: client.crt
- key: tls.key
path: client.key
{{- if .Values.hubble.relay.tls.server.enabled }}
- secret:
name: hubble-relay-server-certs
items:
- key: tls.crt
path: server.crt
- key: tls.key
path: server.key
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink