deploy-templates/templates/deployment.yaml

{{- if or .Values.deployment.kong.enabled .Values.ingressController.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kong.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "kong.metaLabels" . | nindent 4 }} app.kubernetes.io/component: app {{- if .Values.deploymentAnnotations }} annotations: {{- range $key, $value := .Values.deploymentAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: {{- if not .Values.global.registry.kong.hpa.enabled }} replicas: {{ .Values.global.registry.kong.replicas }} {{- end }} selector: matchLabels: {{- include "kong.selectorLabels" . | nindent 6 }} {{- if .Values.updateStrategy }} strategy: {{ toYaml .Values.updateStrategy | indent 4 }} {{- end }} template: metadata: {{- if or (.Values.podAnnotations) (.Values.global.registry.kong.istio.sidecar.enabled) (.Values.ingressController.admissionWebhook.enabled) (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }} annotations: {{- if .Values.ingressController.admissionWebhook.enabled }} checksum/admission-webhook.yaml: {{ include (print $.Template.BasePath "/admission-webhook.yaml") . | sha256sum }} {{- end }} {{- if (and (not .Values.ingressController.enabled) (eq .Values.env.database "off" )) }} {{- if .Values.dblessConfig.config }} checksum/dbless.config: {{ toYaml .Values.dblessConfig.config | sha256sum }} {{- end }} {{- end }} {{- if .Values.podAnnotations }} {{- range $key, $value := .Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} {{- if .Values.global.registry.kong.istio.sidecar.enabled }} sidecar.istio.io/inject: "true" traffic.sidecar.istio.io/excludeOutboundPorts: '5432,6379' {{- include "kong.istioResources" . | nindent 8 }} {{- end }} {{- end }} labels: {{- include "kong.metaLabels" . | nindent 8 }} app.kubernetes.io/component: app collect.logs: "json" {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | nindent 8 }} {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} {{- if or .Values.ingressController.enabled .Values.podSecurityPolicy.enabled }} serviceAccountName: {{ template "kong.serviceAccountName" . }} {{ end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} - name: {{ . }} {{- end }} {{- end }} {{- if not (eq .Values.env.database "off") }} {{- if .Values.deployment.kong.enabled }} initContainers: {{- include "kong.wait-for-db" . | nindent 6 }} {{ end }} {{ end }} containers: {{- if .Values.ingressController.enabled }} {{- include "kong.controller-container" . | nindent 6 }} {{ end }} {{- if .Values.deployment.sidecarContainers }} {{- toYaml .Values.deployment.sidecarContainers | nindent 6 }} {{- end }} {{- if .Values.deployment.kong.enabled }} - name: "proxy" {{- if .Values.image.unifiedRepoTag }} image: "{{ .Values.image.unifiedRepoTag }}" {{- else }} image: "{{ .Values.image.name }}:{{ .Values.image.version }}" {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: {{- include "kong.no_daemon_env" . | nindent 8 }} lifecycle: {{- toYaml .Values.lifecycle | nindent 10 }} ports: {{/* TODO: remove legacy admin port template */}} {{- if (and .Values.admin.containerPort .Values.admin.enabled) }} - name: admin containerPort: {{ .Values.admin.containerPort }} {{- if .Values.admin.hostPort }} hostPort: {{ .Values.admin.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.admin.http.enabled .Values.admin.enabled) }} - name: admin containerPort: {{ .Values.admin.http.containerPort }} {{- if .Values.admin.http.hostPort }} hostPort: {{ .Values.admin.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.admin.tls.enabled .Values.admin.enabled) }} - name: admin-tls containerPort: {{ .Values.admin.tls.containerPort }} {{- if .Values.admin.tls.hostPort }} hostPort: {{ .Values.admin.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.proxy.http.enabled .Values.proxy.enabled) }} - name: proxy containerPort: {{ .Values.proxy.http.containerPort }} {{- if .Values.proxy.http.hostPort }} hostPort: {{ .Values.proxy.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.proxy.tls.enabled .Values.proxy.enabled)}} - name: proxy-tls containerPort: {{ .Values.proxy.tls.containerPort }} {{- if .Values.proxy.tls.hostPort }} hostPort: {{ .Values.proxy.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- range .Values.proxy.stream }} - name: stream-{{ .containerPort }} containerPort: {{ .containerPort }} {{- if .hostPort }} hostPort: {{ .hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.status.http.enabled .Values.status.enabled)}} - name: status containerPort: {{ .Values.status.http.containerPort }} {{- if .Values.status.http.hostPort }} hostPort: {{ .Values.status.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.status.tls.enabled .Values.status.enabled) }} - name: status-tls containerPort: {{ .Values.status.tls.containerPort }} {{- if .Values.status.tls.hostPort }} hostPort: {{ .Values.status.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.cluster.tls.enabled .Values.cluster.enabled) }} - name: cluster-tls containerPort: {{ .Values.cluster.tls.containerPort }} {{- if .Values.cluster.tls.hostPort }} hostPort: {{ .Values.cluster.tls.hostPort }} {{- end}} protocol: TCP {{- end }} - name: metrics containerPort: 9542 protocol: TCP {{- if .Values.ingressController.admissionWebhook.enabled }} - name: webhook containerPort: {{ .Values.ingressController.admissionWebhook.port }} protocol: TCP {{- end }} {{- if .Values.enterprise.enabled }} {{- if (and .Values.manager.http.enabled .Values.manager.enabled) }} - name: manager containerPort: {{ .Values.manager.http.containerPort }} {{- if .Values.manager.http.hostPort }} hostPort: {{ .Values.manager.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.manager.tls.enabled .Values.manager.enabled) }} - name: manager-tls containerPort: {{ .Values.manager.tls.containerPort }} {{- if .Values.manager.tls.hostPort }} hostPort: {{ .Values.manager.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.portal.http.enabled .Values.portal.enabled) }} - name: portal containerPort: {{ .Values.portal.http.containerPort }} {{- if .Values.portal.http.hostPort }} hostPort: {{ .Values.portal.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.portal.tls.enabled .Values.portal.enabled) }} - name: portal-tls containerPort: {{ .Values.portal.tls.containerPort }} {{- if .Values.portal.tls.hostPort }} hostPort: {{ .Values.portal.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.portalapi.http.enabled .Values.portalapi.enabled) }} - name: portalapi containerPort: {{ .Values.portalapi.http.containerPort }} {{- if .Values.portalapi.http.hostPort }} hostPort: {{ .Values.portalapi.http.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.portalapi.tls.enabled .Values.portalapi.enabled) }} - name: portalapi-tls containerPort: {{ .Values.portalapi.tls.containerPort }} {{- if .Values.portalapi.tls.hostPort }} hostPort: {{ .Values.portalapi.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- if (and .Values.clustertelemetry.tls.enabled .Values.clustertelemetry.enabled) }} - name: clustert-tls containerPort: {{ .Values.clustertelemetry.tls.containerPort }} {{- if .Values.clustertelemetry.tls.hostPort }} hostPort: {{ .Values.clustertelemetry.tls.hostPort }} {{- end}} protocol: TCP {{- end }} {{- end }} {{- end }} volumeMounts: {{- include "kong.volumeMounts" . | nindent 10 }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} livenessProbe: {{ toYaml .Values.livenessProbe | indent 10 }} {{- if or .Values.global.registry.kong.container.resources.requests .Values.global.registry.kong.container.resources.limits }} resources: {{ toYaml .Values.global.registry.kong.container.resources | indent 10 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} securityContext: {{- include "kong.podsecuritycontext" . | nindent 8 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} volumes: {{- include "kong.volumes" . | nindent 8 -}} {{- end }}

deploy-templates/templates/deployment.yaml (260 lines of code) (raw):