drydock/charts/drydock/templates/deployment.yaml

117 lines
4.8 KiB
YAML

{{/*
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License. */}}
{{- if .Values.manifests.deployment_drydock }}
{{- $envAll := . -}}
{{- $labels := tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_metadata_labels" -}}
{{- $serviceAccountName := "drydock-api" }}
{{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: drydock-api
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
spec:
replicas: {{ .Values.replicas.drydock }}
selector:
matchLabels:
{{ $labels | indent 6 }}
{{ tuple $envAll | include "helm-toolkit.snippets.kubernetes_upgrades_deployment" | indent 2 }}
template:
metadata:
labels:
{{ $labels | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
{{ dict "envAll" $envAll "podName" "drydock-api" "containerNames" (list "drydock-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
{{ dict "envAll" $envAll "application" "drydock" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
nodeSelector:
{{ .Values.labels.api.node_selector_key }}: {{ .Values.labels.api.node_selector_value | quote }}
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: Always
affinity:
{{ tuple $envAll "drydock" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
initContainers:
{{ tuple $envAll "api" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: drydock-api
image: {{ .Values.images.tags.drydock }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "drydock" "container" "drydock_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
env:
- name: 'MAAS_API_KEY'
valueFrom:
secretKeyRef:
name: 'maas-api-key'
key: 'token'
- name: 'DRYDOCK_API_WORKERS'
value: {{ .Values.conf.uwsgi.workers | default 1 | quote }}
- name: 'DRYDOCK_API_THREADS'
value: {{ .Values.conf.uwsgi.threads | default 1 | quote }}
ports:
- name: drydock-api
containerPort: {{ tuple "physicalprovisioner" "default" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
volumeMounts:
- name: etc-drydock
mountPath: /etc/drydock
- name: drydock-etc
subPath: drydock.conf
mountPath: /etc/drydock/drydock.conf
readOnly: true
- name: drydock-etc
subPath: api-paste.ini
mountPath: /etc/drydock/api-paste.ini
readOnly: true
- name: drydock-etc
subPath: policy.yaml
mountPath: /etc/drydock/policy.yaml
readOnly: true
{{- if .Values.manifests.secret_ssh_key }}
- name: root-ssh
mountPath: /root/.ssh
- name: priv-key
subPath: PRIVATE_KEY
mountPath: /root/.ssh/id_rsa
readOnly: true
- name: drydock-etc
subPath: ssh-config
mountPath: /root/.ssh/config
readOnly: true
{{- end }}
workingDir: /tmp/drydock
volumes:
{{- if .Values.manifests.secret_ssh_key }}
- name: root-ssh
emptyDir: {}
- name: priv-key
secret:
secretName: {{ .Release.Name }}-{{ .Values.secrets.ssh_key }}
defaultMode: 0400
{{- end }}
- name: etc-drydock
emptyDir: {}
- name: drydock-etc
configMap:
name: drydock-etc
defaultMode: 0444
...
{{- end }}