...

Text file src/github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates/gateway.yaml

Documentation: github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates

     1{{if .Values.gateway.enabled -}}
     2---
     3{{- $tree := deepCopy . }}
     4apiVersion: apps/v1
     5kind: Deployment
     6metadata:
     7  annotations:
     8    {{ include "partials.annotations.created-by" . }}
     9  labels:
    10    app.kubernetes.io/name: gateway
    11    app.kubernetes.io/part-of: Linkerd
    12    app.kubernetes.io/version: {{.Values.linkerdVersion}}
    13    component: gateway
    14    app: {{.Values.gateway.name}}
    15    linkerd.io/extension: multicluster
    16    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    17  name: {{.Values.gateway.name}}
    18  namespace: {{ .Release.Namespace }}
    19spec:
    20  replicas: {{.Values.gateway.replicas}}
    21  revisionHistoryLimit: {{.Values.revisionHistoryLimit}}
    22  selector:
    23    matchLabels:
    24      app: {{.Values.gateway.name}}
    25  {{- if .Values.enablePodAntiAffinity }}
    26  strategy:
    27    rollingUpdate:
    28      maxUnavailable: 1
    29  {{- end }}
    30  template:
    31    metadata:
    32      annotations:
    33        {{ include "partials.annotations.created-by" . }}
    34        linkerd.io/inject: enabled
    35        config.linkerd.io/proxy-require-identity-inbound-ports: "{{.Values.gateway.port}}"
    36        config.linkerd.io/enable-gateway: "true"
    37        config.linkerd.io/default-inbound-policy: all-authenticated
    38        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
    39        {{- with .Values.gateway.deploymentAnnotations }}{{ toYaml . | trim | nindent 8 }}{{- end }}
    40      labels:
    41        app: {{.Values.gateway.name}}
    42        linkerd.io/extension: multicluster
    43        {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
    44    spec:
    45      {{- $_ := set $tree "component" .Values.gateway.name -}}
    46      {{- $_ := set $tree "label" "app" -}}
    47      {{- include "linkerd.affinity" $tree | nindent 6 }}
    48      {{- if .Values.gateway.terminationGracePeriodSeconds }}
    49      terminationGracePeriodSeconds: {{.Values.gateway.terminationGracePeriodSeconds}}
    50      {{- end }}
    51      containers:
    52        - name: pause
    53          image: {{ .Values.gateway.pauseImage }}
    54          securityContext:
    55            allowPrivilegeEscalation: false
    56            capabilities:
    57              drop:
    58              - ALL
    59            readOnlyRootFilesystem: true
    60            runAsNonRoot: true
    61            runAsUser: {{.Values.gateway.UID}}
    62            runAsGroup: {{.Values.gateway.GID}}
    63            seccompProfile:
    64              type: RuntimeDefault
    65      securityContext:
    66        seccompProfile:
    67          type: RuntimeDefault
    68      serviceAccountName: {{.Values.gateway.name}}
    69      {{- with .Values.gateway.nodeSelector }}
    70      nodeSelector: {{ toYaml . | nindent 8 }}
    71      {{- end }}
    72      {{- with .Values.gateway.tolerations }}
    73      tolerations: {{ toYaml . | nindent 6 }}
    74      {{- end }}
    75{{- if .Values.enablePodAntiAffinity }}
    76---
    77kind: PodDisruptionBudget
    78apiVersion: policy/v1
    79metadata:
    80  name: {{.Values.gateway.name}}
    81  namespace: {{ .Release.Namespace }}
    82  labels:
    83    app: {{.Values.gateway.name}}
    84    linkerd.io/extension: multicluster
    85    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    86  annotations:
    87    {{ include "partials.annotations.created-by" . }}
    88spec:
    89  maxUnavailable: 1
    90  selector:
    91    matchLabels:
    92      app: {{.Values.gateway.name}}
    93{{- end }}
    94---
    95apiVersion: v1
    96kind: Service
    97metadata:
    98  name: {{.Values.gateway.name}}
    99  namespace: {{ .Release.Namespace }}
   100  labels:
   101    linkerd.io/extension: multicluster
   102    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   103  annotations:
   104    mirror.linkerd.io/gateway-identity: {{.Values.gateway.name}}.{{.Release.Namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}}
   105    mirror.linkerd.io/probe-period: "{{.Values.gateway.probe.seconds}}"
   106    mirror.linkerd.io/probe-path: {{.Values.gateway.probe.path}}
   107    mirror.linkerd.io/multicluster-gateway: "true"
   108    component: gateway
   109    {{ include "partials.annotations.created-by" . }}
   110    {{- with .Values.gateway.serviceAnnotations }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   111spec:
   112  ports:
   113  {{- $setNodePorts := (or (eq .Values.gateway.serviceType "NodePort") (eq .Values.gateway.serviceType "LoadBalancer")) }}
   114  - name: mc-gateway
   115    port: {{.Values.gateway.port}}
   116    protocol: TCP
   117  {{- if (and $setNodePorts .Values.gateway.nodePort) }}
   118    nodePort: {{ .Values.gateway.nodePort }}
   119  {{- end }}
   120  - name: mc-probe
   121    port: {{.Values.gateway.probe.port}}
   122    protocol: TCP
   123  {{- if (and $setNodePorts .Values.gateway.probe.nodePort) }}
   124    nodePort: {{ .Values.gateway.probe.nodePort }}
   125  {{- end }}
   126  selector:
   127    app: {{.Values.gateway.name}}
   128  type: {{ .Values.gateway.serviceType }}
   129{{- if .Values.gateway.loadBalancerClass }}
   130  loadBalancerClass: {{ .Values.gateway.loadBalancerClass }}
   131{{- end }}
   132{{- if .Values.gateway.loadBalancerIP }}
   133  loadBalancerIP: {{ .Values.gateway.loadBalancerIP }}
   134{{- end }}
   135{{- if .Values.gateway.loadBalancerSourceRanges }}
   136  loadBalancerSourceRanges:
   137  {{- range .Values.gateway.loadBalancerSourceRanges }}
   138  - {{ . }}
   139  {{- end }}
   140{{- end }}
   141---
   142kind: ServiceAccount
   143apiVersion: v1
   144metadata:
   145  name: {{.Values.gateway.name}}
   146  namespace: {{ .Release.Namespace }}
   147  labels:
   148    linkerd.io/extension: multicluster
   149    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   150{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
   151{{end -}}

View as plain text