icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c2d2fa6345
freeleaps-ops/cluster/manifests/freeleaps-infra-system/telepresence/telepresence-oss/templates/deployment.yaml
zhenyus c2d2fa6345 fix: update Jenkins token in gitea webhook configuration 
Signed-off-by: zhenyus <zhenyus@mathmast.com>
2025-07-24 16:51:35 +08:00

324 lines
11 KiB
YAML
Raw Blame History

{{- with .Values }}
{{- if not (and .rbac .rbac.only) }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "traffic-manager.name" $ }}
namespace: {{ include "traffic-manager.namespace" $ }}
labels:
{{- include "telepresence.labels" $ | nindent 4 }}
spec:
replicas: {{ .replicaCount }}
selector:
matchLabels:
{{- include "telepresence.selectorLabels" $ | nindent 6 }}
template:
metadata:
{{- with .podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "telepresence.selectorLabels" $ | nindent 8 }}
{{- with .podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .image.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext:
{{- toYaml .podSecurityContext | nindent 8 }}
{{- if .hostNetwork }}
hostNetwork: true
{{- end }}
containers:
- name: {{ include "traffic-manager.name" $ }}
securityContext:
{{- toYaml .securityContext | nindent 12 }}
{{- with .image }}
image: "{{ .registry }}/{{ .name }}:{{ .tag | default $.Chart.AppVersion }}"
imagePullPolicy: {{ .pullPolicy }}
{{- end }}
env:
- name: LOG_LEVEL
value: {{ .logLevel }}
{{- with .image }}
- name: REGISTRY
value: "{{ .registry }}"
{{- end }}
- name: SERVER_PORT
value: {{ .apiPort | quote }}
- name: POD_CIDR_STRATEGY
value: {{ .podCIDRStrategy }}
{{- with .podCIDRs }}
- name: POD_CIDRS
value: "{{ join " " . }}"
{{- end }}
{{- if .agentInjector.enabled }}
- name: MUTATOR_WEBHOOK_PORT
value: {{ .agentInjector.webhook.port | quote }}
- name: AGENT_INJECTOR_SECRET
{{- if eq .agentInjector.certificate.accessMethod "mount" }}
value: /var/run/secrets/tls
{{- else }}
value: {{ .agentInjector.secret.name }}
{{- end }}
{{- end }}
{{- with .telepresenceAPI }}
{{- if .port }}
- name: AGENT_REST_API_PORT
value: {{ .port | quote }}
{{- end }}
{{- end }}
{{- with .grpc }}
{{- if .maxReceiveSize }}
- name: GRPC_MAX_RECEIVE_SIZE
value: {{ .maxReceiveSize }}
{{- if and .connectionTTL (not $.Values.client.connectionTTL) }}
- name: CLIENT_CONNECTION_TTL
value: {{ .connectionTTL }}
{{- end }}
{{- end }}
{{- end }}
{{- if .workloads }}
{{- with .workloads }}
- name: ENABLED_WORKLOAD_KINDS
value: >-
{{- if or (not .deployments) .deployments.enabled }}
Deployment
{{- end }}
{{- if or (not .statefulSets) .statefulSets.enabled }}
StatefulSet
{{- end }}
{{- if or (not .replicaSets) .replicaSets.enabled }}
ReplicaSet
{{- end }}
{{- if and .argoRollouts .argoRollouts.enabled }}
Rollout
{{- end }}
{{- end }}
{{- else }}
- name: ENABLED_WORKLOAD_KINDS
value: Deployment StatefulSet ReplicaSet
{{- end }}
{{- if .agentInjector.enabled }}
{{- /*
Traffic agent injector configuration
*/}}
- name: AGENT_ARRIVAL_TIMEOUT
value: {{ quote (default "30s" .timeouts.agentArrival) }}
{{- with .agentInjector }}
- name: AGENT_INJECT_POLICY
value: {{ .injectPolicy }}
- name: AGENT_INJECTOR_NAME
value: {{ .name | quote }}
{{- end }}
{{- /*
Traffic agent configuration
*/}}
{{- with .agent }}
{{- if .logLevel }}
- name: AGENT_LOG_LEVEL
value: {{ .logLevel }}
{{- end }}
{{- if .port }}
- name: AGENT_PORT
value: {{ .port | quote }}
{{- end }}
{{- if .appProtocolStrategy }}
- name: AGENT_APP_PROTO_STRATEGY
value: {{ .appProtocolStrategy }}
{{- end }}
{{- if .resources }}
- name: AGENT_RESOURCES
value: '{{ toJson .resources }}'
{{- end }}
{{- if .initResources }}
- name: AGENT_INIT_RESOURCES
value: '{{ toJson .initResources }}'
{{- end }}
{{- if .mountPolicies }}
- name: AGENT_MOUNT_POLICIES
value: '{{ toJson .mountPolicies }}'
{{- end }}
{{- with .initContainer }}
- name: AGENT_INIT_CONTAINER_ENABLED
value: {{ .enabled | quote }}
{{- end }}
{{- with .image }}
{{- if .name }}
- name: AGENT_IMAGE_NAME
value: {{ .name }}
{{- end }}
{{- if .tag }}
- name: AGENT_IMAGE_TAG
value: {{ .tag }}
{{- end }}
{{- if .registry }}
- name: AGENT_REGISTRY
value: {{ .registry }}
{{- end }}
{{- with .pullSecrets }}
- name: AGENT_IMAGE_PULL_SECRETS
value: '{{ toJson . }}'
{{- end }}
- name: AGENT_IMAGE_PULL_POLICY
value: {{ .pullPolicy }}
{{- end }}
{{- /* must check against nil. An empty security context is a valid override */}}
{{- if not (eq .securityContext nil) }}
- name: AGENT_SECURITY_CONTEXT
value: '{{ toJson .securityContext }}'
{{- end }}
{{- /* must check against nil. An empty security context is a valid override */}}
{{- if not (eq .initSecurityContext nil) }}
- name: AGENT_INIT_SECURITY_CONTEXT
value: '{{ toJson .initSecurityContext }}'
{{- end }}
{{- end }}
{{- with fromJsonArray (include "traffic-manager.namespaces" $) }}
{{- /*
This environment variable is not used, it's here to force a redeploy of the traffic manager when the list
changes, because it updates roles and rolebindings and potentially also changes from roles to clusterroles or
vice versa.
*/}}
- name: NOT_USED_NSS
value: {{ toJson . | quote }}
{{- end }}
{{- end }}
{{- if .prometheus.port }} # 0 is false
- name: PROMETHEUS_PORT
value: "{{ .prometheus.port }}"
{{- end }}
- name: MAX_NAMESPACE_SPECIFIC_WATCHERS
value: {{.maxNamespaceSpecificWatchers | quote }}
- name: MANAGER_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
{{- /*
Client configuration
*/}}
{{- with .client }}
{{- if .connectionTTL }}
- name: CLIENT_CONNECTION_TTL
value: {{ .connectionTTL }}
{{- end }}
{{- with .routing }}
{{- if .alsoProxySubnets }}
- name: CLIENT_ROUTING_ALSO_PROXY_SUBNETS
value: "{{ join " " .alsoProxySubnets }}"
{{- end }}
{{- if .neverProxySubnets }}
- name: CLIENT_ROUTING_NEVER_PROXY_SUBNETS
value: "{{ join " " .neverProxySubnets }}"
{{- end }}
{{- if .allowConflictingSubnets }}
- name: CLIENT_ROUTING_ALLOW_CONFLICTING_SUBNETS
value: "{{ join " " .allowConflictingSubnets }}"
{{- end }}
{{- end }}
{{- with .dns }}
{{- with .excludeSuffixes }}
- name: CLIENT_DNS_EXCLUDE_SUFFIXES
value: "{{ join " " . }}"
{{- end }}
{{- with .includeSuffixes }}
- name: CLIENT_DNS_INCLUDE_SUFFIXES
value: "{{ join " " . }}"
{{- end }}
{{- end }}
{{- end }}
{{- with .compatibility }}
{{- if .version }}
- name: COMPATIBILITY_VERSION
value: {{ .version }}
{{- end }}
{{- end }}
{{- if and .trafficManager .trafficManager.envTemplate }}
{{- template "traffic-manager-env" . }}
{{- end }}
ports:
- name: api
containerPort: {{ .apiPort }}
- name: https
containerPort: {{ .agentInjector.webhook.port }}
{{- if .prometheus.port }} # 0 is false
- name: prometheus
containerPort: {{ .prometheus.port }}
{{- end }}
{{- with .livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if eq .agentInjector.certificate.accessMethod "mount" }}
volumeMounts:
{{- if .agentInjector.enabled }}
- name: tls
mountPath: /var/run/secrets/tls
readOnly: true
{{- end }}
{{- if and .trafficManager .trafficManager.mountsTemplate }}
{{- template "traffic-manager-mounts" . }}
{{- end }}
{{- else }}
{{- if and .trafficManager .trafficManager.mountsTemplate }}
volumeMounts:
{{- template "traffic-manager-mounts" . }}
{{- end }}
{{- end }}
{{- with .schedulerName }}
schedulerName: {{ . }}
{{- end }}
{{- with .nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- if eq .agentInjector.certificate.accessMethod "mount" }}
volumes:
{{- if .agentInjector.enabled }}
- name: tls
secret:
defaultMode: 420
secretName: {{ .agentInjector.secret.name }}
{{- end }}
{{- if and .trafficManager .trafficManager.volsTemplate }}
{{- template "traffic-manager-vols" . }}
{{- end }}
{{- else }}
{{- if and .trafficManager .trafficManager.volsTemplate }}
volumes:
{{- template "traffic-manager-vols" . }}
{{- end }}
{{- end }}
serviceAccount: traffic-manager
serviceAccountName: traffic-manager
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink