1{{if .Values.gateway.enabled -}}
2---
3{{- $tree := deepCopy . }}
4apiVersion: apps/v1
5kind: Deployment
6metadata:
7 annotations:
8 {{ include "partials.annotations.created-by" . }}
9 labels:
10 app.kubernetes.io/name: gateway
11 app.kubernetes.io/part-of: Linkerd
12 app.kubernetes.io/version: {{.Values.linkerdVersion}}
13 component: gateway
14 app: {{.Values.gateway.name}}
15 linkerd.io/extension: multicluster
16 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
17 name: {{.Values.gateway.name}}
18 namespace: {{ .Release.Namespace }}
19spec:
20 replicas: {{.Values.gateway.replicas}}
21 revisionHistoryLimit: {{.Values.revisionHistoryLimit}}
22 selector:
23 matchLabels:
24 app: {{.Values.gateway.name}}
25 {{- if .Values.enablePodAntiAffinity }}
26 strategy:
27 rollingUpdate:
28 maxUnavailable: 1
29 {{- end }}
30 template:
31 metadata:
32 annotations:
33 {{ include "partials.annotations.created-by" . }}
34 linkerd.io/inject: enabled
35 config.linkerd.io/proxy-require-identity-inbound-ports: "{{.Values.gateway.port}}"
36 config.linkerd.io/enable-gateway: "true"
37 config.linkerd.io/default-inbound-policy: all-authenticated
38 cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
39 {{- with .Values.gateway.deploymentAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
40 labels:
41 app: {{.Values.gateway.name}}
42 linkerd.io/extension: multicluster
43 {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
44 spec:
45 {{- $_ := set $tree "component" .Values.gateway.name -}}
46 {{- $_ := set $tree "label" "app" -}}
47 {{- include "linkerd.affinity" $tree | nindent 6 }}
48 {{- if .Values.gateway.terminationGracePeriodSeconds }}
49 terminationGracePeriodSeconds: {{.Values.gateway.terminationGracePeriodSeconds}}
50 {{- end }}
51 containers:
52 - name: pause
53 image: {{ .Values.gateway.pauseImage }}
54 securityContext:
55 allowPrivilegeEscalation: false
56 capabilities:
57 drop:
58 - ALL
59 readOnlyRootFilesystem: true
60 runAsNonRoot: true
61 runAsUser: {{.Values.gateway.UID}}
62 runAsGroup: {{.Values.gateway.GID}}
63 seccompProfile:
64 type: RuntimeDefault
65 securityContext:
66 seccompProfile:
67 type: RuntimeDefault
68 serviceAccountName: {{.Values.gateway.name}}
69 {{- with .Values.gateway.nodeSelector }}
70 nodeSelector: {{ toYaml . | nindent 8 }}
71 {{- end }}
72 {{- with .Values.gateway.tolerations }}
73 tolerations: {{ toYaml . | nindent 6 }}
74 {{- end }}
75{{- if .Values.enablePodAntiAffinity }}
76---
77kind: PodDisruptionBudget
78apiVersion: policy/v1
79metadata:
80 name: {{.Values.gateway.name}}
81 namespace: {{ .Release.Namespace }}
82 labels:
83 app: {{.Values.gateway.name}}
84 linkerd.io/extension: multicluster
85 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
86 annotations:
87 {{ include "partials.annotations.created-by" . }}
88spec:
89 maxUnavailable: 1
90 selector:
91 matchLabels:
92 app: {{.Values.gateway.name}}
93{{- end }}
94---
95apiVersion: v1
96kind: Service
97metadata:
98 name: {{.Values.gateway.name}}
99 namespace: {{ .Release.Namespace }}
100 labels:
101 linkerd.io/extension: multicluster
102 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
103 annotations:
104 mirror.linkerd.io/gateway-identity: {{.Values.gateway.name}}.{{.Release.Namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}}
105 mirror.linkerd.io/probe-period: "{{.Values.gateway.probe.seconds}}"
106 mirror.linkerd.io/probe-path: {{.Values.gateway.probe.path}}
107 mirror.linkerd.io/multicluster-gateway: "true"
108 component: gateway
109 {{ include "partials.annotations.created-by" . }}
110 {{- with .Values.gateway.serviceAnnotations }}{{ toYaml . | trim | nindent 4 }}{{- end }}
111spec:
112 ports:
113 {{- $setNodePorts := (or (eq .Values.gateway.serviceType "NodePort") (eq .Values.gateway.serviceType "LoadBalancer")) }}
114 - name: mc-gateway
115 port: {{.Values.gateway.port}}
116 protocol: TCP
117 {{- if (and $setNodePorts .Values.gateway.nodePort) }}
118 nodePort: {{ .Values.gateway.nodePort }}
119 {{- end }}
120 - name: mc-probe
121 port: {{.Values.gateway.probe.port}}
122 protocol: TCP
123 {{- if (and $setNodePorts .Values.gateway.probe.nodePort) }}
124 nodePort: {{ .Values.gateway.probe.nodePort }}
125 {{- end }}
126 selector:
127 app: {{.Values.gateway.name}}
128 type: {{ .Values.gateway.serviceType }}
129{{- if .Values.gateway.loadBalancerClass }}
130 loadBalancerClass: {{ .Values.gateway.loadBalancerClass }}
131{{- end }}
132{{- if .Values.gateway.loadBalancerIP }}
133 loadBalancerIP: {{ .Values.gateway.loadBalancerIP }}
134{{- end }}
135{{- if .Values.gateway.loadBalancerSourceRanges }}
136 loadBalancerSourceRanges:
137 {{- range .Values.gateway.loadBalancerSourceRanges }}
138 - {{ . }}
139 {{- end }}
140{{- end }}
141---
142kind: ServiceAccount
143apiVersion: v1
144metadata:
145 name: {{.Values.gateway.name}}
146 namespace: {{ .Release.Namespace }}
147 labels:
148 linkerd.io/extension: multicluster
149 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
150{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
151{{end -}}
View as plain text