This repository has been archived by the owner on Feb 22, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16.7k
/
Copy pathserver-daemonset.yaml
148 lines (148 loc) · 5.69 KB
/
server-daemonset.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
{{- if .Values.server.enabled -}}
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
labels:
app: {{ template "kiam.name" . }}
chart: {{ template "kiam.chart" . }}
component: "{{ .Values.server.name }}"
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "kiam.fullname" . }}-server
spec:
selector:
matchLabels:
app: {{ template "kiam.name" . }}
component: "{{ .Values.server.name }}"
release: {{ .Release.Name }}
template:
metadata:
{{- if .Values.server.podAnnotations }}
annotations:
{{ toYaml .Values.server.podAnnotations | indent 8 }}
{{- end }}
labels:
app: {{ template "kiam.name" . }}
component: "{{ .Values.server.name }}"
release: {{ .Release.Name }}
{{- if .Values.server.podLabels }}
{{ toYaml .Values.server.podLabels | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "kiam.serviceAccountName.server" . }}
hostNetwork: {{ .Values.server.useHostNetwork }}
{{- if .Values.server.nodeSelector }}
nodeSelector:
{{ toYaml .Values.server.nodeSelector | indent 8 }}
{{- end }}
tolerations:
{{ toYaml .Values.server.tolerations | indent 8 }}
{{- if .Values.server.affinity }}
affinity:
{{ toYaml .Values.server.affinity | indent 10 }}
{{- end }}
volumes:
- name: tls
secret:
{{- if .Values.server.tlsSecret }}
secretName: {{ .Values.server.tlsSecret }}
{{else}}
secretName: {{ template "kiam.fullname" . }}-server
{{- end }}
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
hostPath:
path: {{ .hostPath }}
{{- end }}
{{- if .Values.server.priorityClassName }}
priorityClassName: {{ .Values.server.priorityClassName | quote }}
{{- end }}
containers:
- name: {{ template "kiam.name" . }}-{{ .Values.server.name }}
image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag }}"
imagePullPolicy: {{ .Values.server.image.pullPolicy }}
command:
- /kiam
- server
args:
{{- if .Values.server.log.jsonOutput }}
- --json-log
{{- end }}
- --level={{ .Values.server.log.level }}
- --bind=0.0.0.0:{{ .Values.server.service.targetPort }}
- --cert=/etc/kiam/tls/{{ .Values.server.tlsCerts.certFileName }}
- --key=/etc/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }}
- --ca=/etc/kiam/tls/{{ .Values.server.tlsCerts.caFileName }}
{{- if .Values.server.roleBaseArn }}
- --role-base-arn={{ .Values.server.roleBaseArn }}
{{- else }}
- --role-base-arn-autodetect
{{- end }}
{{- if .Values.server.assumeRoleArn }}
- --assume-role-arn={{ .Values.server.assumeRoleArn }}
{{- end }}
- --session-duration={{ .Values.server.sessionDuration }}
- --sync={{ .Values.server.cache.syncInterval }}
{{- if .Values.server.prometheus.scrape }}
- --prometheus-listen-addr=0.0.0.0:{{ .Values.server.prometheus.port }}
- --prometheus-sync-interval={{ .Values.server.prometheus.syncInterval }}
{{- end }}
{{- range $key, $value := .Values.server.extraArgs }}
{{- if $value }}
- --{{ $key }}={{ $value }}
{{- else }}
- --{{ $key }}
{{- end }}
{{- end }}
{{- if .Values.server.extraEnv }}
env:
{{- range $name, $value := .Values.server.extraEnv }}
- name: {{ $name }}
value: {{ quote $value }}
{{- end }}
{{- end }}
volumeMounts:
- mountPath: /etc/kiam/tls
name: tls
{{- range .Values.server.extraHostPathMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
readOnly: {{ .readOnly }}
{{- end }}
livenessProbe:
exec:
command:
- /kiam
- health
- --cert=/etc/kiam/tls/{{ .Values.server.tlsCerts.certFileName }}
- --key=/etc/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }}
- --ca=/etc/kiam/tls/{{ .Values.server.tlsCerts.caFileName }}
- --server-address={{ .Values.server.probes.serverAddress }}:{{ .Values.server.service.targetPort }}
- --server-address-refresh=2s
- --timeout=5s
- --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }}
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 10
readinessProbe:
exec:
command:
- /kiam
- health
- --cert=/etc/kiam/tls/{{ .Values.server.tlsCerts.certFileName }}
- --key=/etc/kiam/tls/{{ .Values.server.tlsCerts.keyFileName }}
- --ca=/etc/kiam/tls/{{ .Values.server.tlsCerts.caFileName }}
- --server-address={{ .Values.server.probes.serverAddress }}:{{ .Values.server.service.targetPort }}
- --server-address-refresh=2s
- --timeout=5s
- --gateway-timeout-creation={{ .Values.server.gatewayTimeoutCreation }}
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 10
{{- if .Values.server.resources }}
resources:
{{ toYaml .Values.server.resources | indent 12 }}
{{- end }}
updateStrategy:
type: {{ .Values.server.updateStrategy }}
{{- end }}