| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 1 | {{- if or (eq .Values.controller.kind "Deployment") (eq .Values.controller.kind "Both") -}} |
| 2 | {{- include "isControllerTagValid" . -}} |
| 3 | apiVersion: apps/v1 |
| 4 | kind: Deployment |
| 5 | metadata: |
| 6 | labels: |
| 7 | {{- include "ingress-nginx.labels" . | nindent 4 }} |
| 8 | app.kubernetes.io/component: controller |
| 9 | {{- with .Values.controller.labels }} |
| 10 | {{- toYaml . | nindent 4 }} |
| 11 | {{- end }} |
| 12 | name: {{ include "ingress-nginx.controller.fullname" . }} |
| 13 | namespace: {{ .Release.Namespace }} |
| 14 | {{- if .Values.controller.annotations }} |
| 15 | annotations: {{ toYaml .Values.controller.annotations | nindent 4 }} |
| 16 | {{- end }} |
| 17 | spec: |
| 18 | selector: |
| 19 | matchLabels: |
| 20 | {{- include "ingress-nginx.selectorLabels" . | nindent 6 }} |
| 21 | app.kubernetes.io/component: controller |
| 22 | {{- if not .Values.controller.autoscaling.enabled }} |
| 23 | replicas: {{ .Values.controller.replicaCount }} |
| 24 | {{- end }} |
| 25 | revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} |
| 26 | {{- if .Values.controller.updateStrategy }} |
| 27 | strategy: |
| 28 | {{ toYaml .Values.controller.updateStrategy | nindent 4 }} |
| 29 | {{- end }} |
| 30 | minReadySeconds: {{ .Values.controller.minReadySeconds }} |
| 31 | template: |
| 32 | metadata: |
| 33 | {{- if .Values.controller.podAnnotations }} |
| 34 | annotations: |
| 35 | {{- range $key, $value := .Values.controller.podAnnotations }} |
| 36 | {{ $key }}: {{ $value | quote }} |
| 37 | {{- end }} |
| 38 | {{- end }} |
| 39 | labels: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 40 | {{- include "ingress-nginx.labels" . | nindent 8 }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 41 | app.kubernetes.io/component: controller |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 42 | {{- with .Values.controller.labels }} |
| 43 | {{- toYaml . | nindent 8 }} |
| 44 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 45 | {{- if .Values.controller.podLabels }} |
| 46 | {{- toYaml .Values.controller.podLabels | nindent 8 }} |
| 47 | {{- end }} |
| 48 | spec: |
| 49 | {{- if .Values.controller.dnsConfig }} |
| 50 | dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }} |
| 51 | {{- end }} |
| 52 | {{- if .Values.controller.hostname }} |
| 53 | hostname: {{ toYaml .Values.controller.hostname | nindent 8 }} |
| 54 | {{- end }} |
| 55 | dnsPolicy: {{ .Values.controller.dnsPolicy }} |
| 56 | {{- if .Values.imagePullSecrets }} |
| 57 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} |
| 58 | {{- end }} |
| 59 | {{- if .Values.controller.priorityClassName }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 60 | priorityClassName: {{ .Values.controller.priorityClassName | quote }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 61 | {{- end }} |
| 62 | {{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }} |
| 63 | securityContext: |
| 64 | {{- end }} |
| 65 | {{- if .Values.controller.podSecurityContext }} |
| 66 | {{- toYaml .Values.controller.podSecurityContext | nindent 8 }} |
| 67 | {{- end }} |
| 68 | {{- if .Values.controller.sysctls }} |
| 69 | sysctls: |
| 70 | {{- range $sysctl, $value := .Values.controller.sysctls }} |
| 71 | - name: {{ $sysctl | quote }} |
| 72 | value: {{ $value | quote }} |
| 73 | {{- end }} |
| 74 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 75 | {{- if .Values.controller.shareProcessNamespace }} |
| 76 | shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }} |
| 77 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 78 | containers: |
| 79 | - name: {{ .Values.controller.containerName }} |
| 80 | {{- with .Values.controller.image }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 81 | image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ include "ingress-nginx.image" . }}{{- end -}}:{{ .tag }}{{ include "ingress-nginx.imageDigest" . }}" |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 82 | {{- end }} |
| 83 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} |
| 84 | {{- if .Values.controller.lifecycle }} |
| 85 | lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }} |
| 86 | {{- end }} |
| 87 | args: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 88 | {{- include "ingress-nginx.params" . | nindent 12 }} |
| 89 | securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 90 | env: |
| 91 | - name: POD_NAME |
| 92 | valueFrom: |
| 93 | fieldRef: |
| 94 | fieldPath: metadata.name |
| 95 | - name: POD_NAMESPACE |
| 96 | valueFrom: |
| 97 | fieldRef: |
| 98 | fieldPath: metadata.namespace |
| 99 | {{- if .Values.controller.enableMimalloc }} |
| 100 | - name: LD_PRELOAD |
| 101 | value: /usr/local/lib/libmimalloc.so |
| 102 | {{- end }} |
| 103 | {{- if .Values.controller.extraEnvs }} |
| 104 | {{- toYaml .Values.controller.extraEnvs | nindent 12 }} |
| 105 | {{- end }} |
| 106 | {{- if .Values.controller.startupProbe }} |
| 107 | startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }} |
| 108 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 109 | {{- if .Values.controller.livenessProbe }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 110 | livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 111 | {{- end }} |
| 112 | {{- if .Values.controller.readinessProbe }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 113 | readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 114 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 115 | ports: |
| 116 | {{- range $key, $value := .Values.controller.containerPort }} |
| 117 | - name: {{ $key }} |
| 118 | containerPort: {{ $value }} |
| 119 | protocol: TCP |
| 120 | {{- if $.Values.controller.hostPort.enabled }} |
| 121 | hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }} |
| 122 | {{- end }} |
| 123 | {{- end }} |
| 124 | {{- if .Values.controller.metrics.enabled }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 125 | - name: {{ .Values.controller.metrics.portName }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 126 | containerPort: {{ .Values.controller.metrics.port }} |
| 127 | protocol: TCP |
| 128 | {{- end }} |
| 129 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 130 | - name: webhook |
| 131 | containerPort: {{ .Values.controller.admissionWebhooks.port }} |
| 132 | protocol: TCP |
| 133 | {{- end }} |
| 134 | {{- range $key, $value := .Values.tcp }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 135 | - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 136 | containerPort: {{ $key }} |
| 137 | protocol: TCP |
| 138 | {{- if $.Values.controller.hostPort.enabled }} |
| 139 | hostPort: {{ $key }} |
| 140 | {{- end }} |
| 141 | {{- end }} |
| 142 | {{- range $key, $value := .Values.udp }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 143 | - name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 144 | containerPort: {{ $key }} |
| 145 | protocol: UDP |
| 146 | {{- if $.Values.controller.hostPort.enabled }} |
| 147 | hostPort: {{ $key }} |
| 148 | {{- end }} |
| 149 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 150 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 151 | volumeMounts: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 152 | {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| 153 | - name: modules |
| 154 | {{ if .Values.controller.image.chroot }} |
| 155 | mountPath: /chroot/modules_mount |
| 156 | {{ else }} |
| 157 | mountPath: /modules_mount |
| 158 | {{ end }} |
| 159 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 160 | {{- if .Values.controller.customTemplate.configMapName }} |
| 161 | - mountPath: /etc/nginx/template |
| 162 | name: nginx-template-volume |
| 163 | readOnly: true |
| 164 | {{- end }} |
| 165 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 166 | - name: webhook-cert |
| 167 | mountPath: /usr/local/certificates/ |
| 168 | readOnly: true |
| 169 | {{- end }} |
| 170 | {{- if .Values.controller.extraVolumeMounts }} |
| 171 | {{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }} |
| 172 | {{- end }} |
| 173 | {{- end }} |
| 174 | {{- if .Values.controller.resources }} |
| 175 | resources: {{ toYaml .Values.controller.resources | nindent 12 }} |
| 176 | {{- end }} |
| 177 | {{- if .Values.controller.extraContainers }} |
| 178 | {{ toYaml .Values.controller.extraContainers | nindent 8 }} |
| 179 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 180 | {{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| 181 | initContainers: |
| 182 | {{- if .Values.controller.extraInitContainers }} |
| 183 | {{ toYaml .Values.controller.extraInitContainers | nindent 8 }} |
| 184 | {{- end }} |
| 185 | {{- if .Values.controller.extraModules }} |
| 186 | {{- range .Values.controller.extraModules }} |
| 187 | {{ $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }} |
| 188 | {{ include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | indent 8 }} |
| 189 | {{- end }} |
| 190 | {{- end }} |
| 191 | {{- if .Values.controller.opentelemetry.enabled}} |
| 192 | {{ $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }} |
| 193 | {{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext) | nindent 8}} |
| 194 | {{- end}} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 195 | {{- end }} |
| 196 | {{- if .Values.controller.hostNetwork }} |
| 197 | hostNetwork: {{ .Values.controller.hostNetwork }} |
| 198 | {{- end }} |
| 199 | {{- if .Values.controller.nodeSelector }} |
| 200 | nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }} |
| 201 | {{- end }} |
| 202 | {{- if .Values.controller.tolerations }} |
| 203 | tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }} |
| 204 | {{- end }} |
| 205 | {{- if .Values.controller.affinity }} |
| 206 | affinity: {{ toYaml .Values.controller.affinity | nindent 8 }} |
| 207 | {{- end }} |
| 208 | {{- if .Values.controller.topologySpreadConstraints }} |
| 209 | topologySpreadConstraints: {{ toYaml .Values.controller.topologySpreadConstraints | nindent 8 }} |
| 210 | {{- end }} |
| 211 | serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }} |
| 212 | terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 213 | {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 214 | volumes: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 215 | {{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}} |
| 216 | - name: modules |
| 217 | emptyDir: {} |
| 218 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 219 | {{- if .Values.controller.customTemplate.configMapName }} |
| 220 | - name: nginx-template-volume |
| 221 | configMap: |
| 222 | name: {{ .Values.controller.customTemplate.configMapName }} |
| 223 | items: |
| 224 | - key: {{ .Values.controller.customTemplate.configMapKey }} |
| 225 | path: nginx.tmpl |
| 226 | {{- end }} |
| 227 | {{- if .Values.controller.admissionWebhooks.enabled }} |
| 228 | - name: webhook-cert |
| 229 | secret: |
| 230 | secretName: {{ include "ingress-nginx.fullname" . }}-admission |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame^] | 231 | {{- if .Values.controller.admissionWebhooks.certManager.enabled }} |
| 232 | items: |
| 233 | - key: tls.crt |
| 234 | path: cert |
| 235 | - key: tls.key |
| 236 | path: key |
| 237 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 238 | {{- end }} |
| 239 | {{- if .Values.controller.extraVolumes }} |
| 240 | {{ toYaml .Values.controller.extraVolumes | nindent 8 }} |
| 241 | {{- end }} |
| 242 | {{- end }} |
| 243 | {{- end }} |