#! Copyright 2020 the Pinniped contributors. All Rights Reserved. #! SPDX-License-Identifier: Apache-2.0 #@ load("@ytt:data", "data") --- apiVersion: v1 kind: Namespace metadata: name: #@ data.values.namespace labels: name: #@ data.values.namespace --- apiVersion: v1 kind: ServiceAccount metadata: name: #@ data.values.app_name namespace: #@ data.values.namespace --- apiVersion: v1 kind: ConfigMap metadata: name: #@ data.values.app_name + "-static-config" namespace: #@ data.values.namespace labels: app: #@ data.values.app_name data: #@yaml/text-templated-strings pinniped.yaml: | names: dynamicConfigMap: (@= data.values.app_name + "-dynamic-config" @) --- #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "": apiVersion: v1 kind: Secret metadata: name: image-pull-secret namespace: #@ data.values.namespace labels: app: #@ data.values.app_name type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: #@ data.values.image_pull_dockerconfigjson #@ end --- apiVersion: apps/v1 kind: Deployment metadata: name: #@ data.values.app_name namespace: #@ data.values.namespace labels: app: #@ data.values.app_name spec: replicas: #@ data.values.replicas selector: matchLabels: app: #@ data.values.app_name template: metadata: labels: app: #@ data.values.app_name spec: serviceAccountName: #@ data.values.app_name #@ if data.values.image_pull_dockerconfigjson and data.values.image_pull_dockerconfigjson != "": imagePullSecrets: - name: image-pull-secret #@ end containers: - name: pinniped-supervisor #@ if data.values.image_digest: image: #@ data.values.image_repo + "@" + data.values.image_digest #@ else: image: #@ data.values.image_repo + ":" + data.values.image_tag #@ end imagePullPolicy: IfNotPresent command: #! override the default entrypoint - /usr/local/bin/pinniped-supervisor args: - /etc/podinfo #! TODO proper flag parsing instead of positional - /etc/config/pinniped.yaml #! TODO proper flag parsing instead of positional resources: requests: memory: "128Mi" volumeMounts: - name: config-volume mountPath: /etc/config - name: podinfo mountPath: /etc/podinfo #! livenessProbe: #! httpGet: #! path: /healthz #! port: 443 #! scheme: HTTPS #! initialDelaySeconds: 2 #! timeoutSeconds: 15 #! periodSeconds: 10 #! failureThreshold: 5 #! readinessProbe: #! httpGet: #! path: /healthz #! port: 443 #! scheme: HTTPS #! initialDelaySeconds: 2 #! timeoutSeconds: 3 #! periodSeconds: 10 #! failureThreshold: 3 volumes: - name: config-volume configMap: name: #@ data.values.app_name + "-static-config" - name: podinfo downwardAPI: items: - path: "labels" fieldRef: fieldPath: metadata.labels - path: "namespace" fieldRef: fieldPath: metadata.namespace #! This will help make sure our multiple pods run on different nodes, making #! our deployment "more" "HA". affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 50 podAffinityTerm: labelSelector: matchLabels: app: #@ data.values.app_name topologyKey: kubernetes.io/hostname --- apiVersion: v1 kind: Service metadata: name: #@ data.values.app_name namespace: #@ data.values.namespace labels: app: #@ data.values.app_name spec: type: ClusterIP selector: app: #@ data.values.app_name ports: - protocol: TCP port: 80 targetPort: 80