#! Copyright 2020 VMware, Inc.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
---
#! Namespace for the namespaced objects in this template. Its name is taken
#! from data.values.namespace and repeated as a "name" label.
apiVersion: v1
kind: Namespace
metadata:
  name: #@ data.values.namespace
  labels:
    name: #@ data.values.namespace
---
#! Service account named "<app_name>-service-account"; the Deployment's
#! serviceAccountName is built from the same expression.
#! NOTE(review): no Role/ClusterRole or binding for this account appears in
#! this part of the template. Audit whatever grants it permissions for least
#! privilege.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: #@ data.values.app_name + "-service-account"
  namespace: #@ data.values.namespace
---
#! Runtime configuration for the server. The Deployment mounts this ConfigMap
#! at /etc/config and passes --config=/etc/config/pinniped.yaml.
apiVersion: v1
kind: ConfigMap
metadata:
  name: #@ data.values.app_name + "-config"
  namespace: #@ data.values.namespace
  labels:
    app: #@ data.values.app_name
#! NOTE(review): pinniped.yaml is a text-templated string, so the (@= ... @)
#! values are spliced in as raw text rather than as YAML nodes. A value that
#! contains a newline, ": " or " #" would change the structure of the rendered
#! config. Validate discovery_url, webhook_url and webhook_ca_bundle, or accept
#! them only from trusted operators, before rendering.
#! An unset discovery_url is rendered as the text "null".
#! The two certificate durations are converted with str() before insertion.
data:
  #@yaml/text-templated-strings
  pinniped.yaml: |
    discovery:
      url: (@= data.values.discovery_url or "null" @)
    webhook:
      url: (@= data.values.webhook_url @)
      caBundle: (@= data.values.webhook_ca_bundle @)
    api:
      servingCertificate:
        durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
        renewBeforeSeconds: (@= str(data.values.api_serving_certificate_renew_before_seconds) @)
---
#! Image pull credential, rendered only when image_pull_dockerconfigjson is
#! set to a non-empty value. The Deployment references "image-pull-secret"
#! under the same condition.
#@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
apiVersion: v1
kind: Secret
metadata:
  name: image-pull-secret
  namespace: #@ data.values.namespace
  labels:
    app: #@ data.values.app_name
type: kubernetes.io/dockerconfigjson
#! NOTE(review): entries under "data" must be base64-encoded, and the value is
#! passed through unchanged here, so the caller presumably supplies it already
#! encoded. Confirm against the values file.
#! Keep the credential out of committed values files; inject it at render time.
data:
  .dockerconfigjson: #@ data.values.image_pull_dockerconfigjson
#@ end
---
#! Runs the pinniped container. The pod mounts the "<app_name>-config"
#! ConfigMap and a downward API volume, and is probed over HTTPS on port 443.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: #@ data.values.app_name
  namespace: #@ data.values.namespace
  labels:
    app: #@ data.values.app_name
spec:
  replicas: #@ data.values.replicas
  selector:
    matchLabels:
      app: #@ data.values.app_name
  template:
    metadata:
      labels:
        app: #@ data.values.app_name
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      serviceAccountName: #@ data.values.app_name + "-service-account"
      #! Reference the pull secret only when the Secret document is rendered
      #! (same condition as on the Secret).
      #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "":
      imagePullSecrets:
        - name: image-pull-secret
      #@ end
      #! NOTE(review): no securityContext is set on the pod or the container,
      #! so the process runs with the image's default user and capabilities.
      #! The probes and the Service use port 443; if the server binds that
      #! privileged port directly, running as non-root would also need a
      #! different listen port or NET_BIND_SERVICE. Confirm before hardening.
      containers:
        - name: pinniped
          #! Use the immutable digest reference when image_digest is supplied;
          #! otherwise fall back to repo:tag. With IfNotPresent, a re-pushed
          #! tag is not re-pulled on nodes that already cache it, so digest
          #! pinning is the reproducible choice.
          #@ if data.values.image_digest:
          image: #@ data.values.image_repo + "@" + data.values.image_digest
          #@ else:
          image: #@ data.values.image_repo + ":" + data.values.image_tag
          #@ end
          imagePullPolicy: IfNotPresent
          #! Only a memory request is declared: there is no CPU request and
          #! there are no limits, so this spec does not bound the container's
          #! usage.
          resources:
            requests:
              memory: "128Mi"
          args:
            - --config=/etc/config/pinniped.yaml
            - --downward-api-path=/etc/podinfo
          volumeMounts:
            - name: config-volume
              mountPath: /etc/config
            - name: podinfo
              mountPath: /etc/podinfo
          #! Liveness tolerates slower responses (15s timeout, 5 failures)
          #! than readiness (3s timeout, 3 failures); both hit /healthz over
          #! HTTPS.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 443
              scheme: HTTPS
            initialDelaySeconds: 2
            timeoutSeconds: 15
            periodSeconds: 10
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /healthz
              port: 443
              scheme: HTTPS
            initialDelaySeconds: 2
            timeoutSeconds: 3
            periodSeconds: 10
            failureThreshold: 3
      volumes:
        - name: config-volume
          configMap:
            name: #@ data.values.app_name + "-config"
        #! Exposes the pod's own labels and namespace as files under the
        #! podinfo mount (/etc/podinfo).
        - name: podinfo
          downwardAPI:
            items:
              - path: "labels"
                fieldRef:
                  fieldPath: metadata.labels
              - path: "namespace"
                fieldRef:
                  fieldPath: metadata.namespace
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/master  #! Allow running on master nodes too
          effect: NoSchedule
      #! "system-cluster-critical" cannot be used outside the kube-system namespace until Kubernetes >= 1.17,
      #! so we skip setting this for now (see https://github.com/kubernetes/kubernetes/issues/60596).
      #!priorityClassName: system-cluster-critical
      #! This will help make sure our multiple pods run on different nodes, making
      #! our deployment "more" "HA".
      #! The rule is a preference (weight 50), not a hard requirement, so
      #! replicas may still be scheduled onto the same node.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 50
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: #@ data.values.app_name
                topologyKey: kubernetes.io/hostname
---
#! In-cluster (ClusterIP) Service that forwards TCP 443 to port 443 on the pods
#! labelled app=<app_name>. The APIService in this file points at it by name.
apiVersion: v1
kind: Service
metadata:
  name: pinniped-api  #! the golang code assumes this specific name as part of the common name during cert generation
  namespace: #@ data.values.namespace
  labels:
    app: #@ data.values.app_name
spec:
  type: ClusterIP
  selector:
    app: #@ data.values.app_name
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443
---
#! Registers the pinniped.dev/v1alpha1 API group and version, with the
#! "pinniped-api" Service (port 443) as its backend.
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
  name: v1alpha1.pinniped.dev
  labels:
    app: #@ data.values.app_name
spec:
  version: v1alpha1
  group: pinniped.dev
  groupPriorityMinimum: 2500  #! TODO what is the right value? https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#apiservicespec-v1beta1-apiregistration-k8s-io
  versionPriority: 10  #! TODO what is the right value? https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#apiservicespec-v1beta1-apiregistration-k8s-io
  #! caBundle: Do not include this key here. Starts out null, will be updated/owned by the golang code.
  #! NOTE(review): insecureSkipTLSVerify is not set either, so TLS verification
  #! of the backend depends on the code writing a correct caBundle. Confirm it
  #! is populated at startup and kept in step with the serving certificate.
  service:
    name: pinniped-api
    namespace: #@ data.values.namespace
    port: 443