| Giorgi Lekveishvili | 285ab62 | 2023-11-22 13:50:45 +0400 | [diff] [blame] | 1 | {{- if .Values.controller.enabled }} |
| 2 | apiVersion: apps/v1 |
| 3 | kind: Deployment |
| 4 | metadata: |
| 5 | name: {{ template "metallb.fullname" . }}-controller |
| 6 | namespace: {{ .Release.Namespace | quote }} |
| 7 | labels: |
| 8 | {{- include "metallb.labels" . | nindent 4 }} |
| 9 | app.kubernetes.io/component: controller |
| 10 | {{- range $key, $value := .Values.controller.labels }} |
| 11 | {{ $key }}: {{ $value | quote }} |
| 12 | {{- end }} |
| 13 | spec: |
| 14 | {{- if .Values.controller.strategy }} |
| 15 | strategy: {{- toYaml .Values.controller.strategy | nindent 4 }} |
| 16 | {{- end }} |
| 17 | selector: |
| 18 | matchLabels: |
| 19 | {{- include "metallb.selectorLabels" . | nindent 6 }} |
| 20 | app.kubernetes.io/component: controller |
| 21 | template: |
| 22 | metadata: |
| 23 | {{- if or .Values.prometheus.scrapeAnnotations .Values.controller.podAnnotations }} |
| 24 | annotations: |
| 25 | {{- if .Values.prometheus.scrapeAnnotations }} |
| 26 | prometheus.io/scrape: "true" |
| 27 | prometheus.io/port: "{{ .Values.prometheus.metricsPort }}" |
| 28 | {{- end }} |
| 29 | {{- with .Values.controller.podAnnotations }} |
| 30 | {{- toYaml . | nindent 8 }} |
| 31 | {{- end }} |
| 32 | {{- end }} |
| 33 | labels: |
| 34 | {{- include "metallb.selectorLabels" . | nindent 8 }} |
| 35 | app.kubernetes.io/component: controller |
| 36 | {{- range $key, $value := .Values.controller.labels }} |
| 37 | {{ $key }}: {{ $value | quote }} |
| 38 | {{- end }} |
| 39 | spec: |
| 40 | {{- with .Values.controller.runtimeClassName }} |
| 41 | runtimeClassName: {{ . | quote }} |
| 42 | {{- end }} |
| 43 | {{- with .Values.imagePullSecrets }} |
| 44 | imagePullSecrets: |
| 45 | {{- toYaml . | nindent 8 }} |
| 46 | {{- end }} |
| 47 | serviceAccountName: {{ template "metallb.controller.serviceAccountName" . }} |
| 48 | terminationGracePeriodSeconds: 0 |
| 49 | {{- if .Values.controller.securityContext }} |
| 50 | securityContext: |
| 51 | {{ toYaml .Values.controller.securityContext | indent 8 }} |
| 52 | {{- end }} |
| 53 | containers: |
| 54 | - name: controller |
| 55 | image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag | default .Chart.AppVersion }} |
| 56 | {{- if .Values.controller.image.pullPolicy }} |
| 57 | imagePullPolicy: {{ .Values.controller.image.pullPolicy }} |
| 58 | {{- end }} |
| 59 | {{- if .Values.controller.command }} |
| 60 | command: |
| 61 | - {{ .Values.controller.command }} |
| 62 | {{- end }} |
| 63 | args: |
| 64 | - --port={{ .Values.prometheus.metricsPort }} |
| 65 | {{- with .Values.controller.logLevel }} |
| 66 | - --log-level={{ . }} |
| 67 | {{- end }} |
| 68 | - --cert-service-name=metallb-webhook-service |
| 69 | {{- if .Values.loadBalancerClass }} |
| 70 | - --lb-class={{ .Values.loadBalancerClass }} |
| 71 | {{- end }} |
| 72 | {{- if .Values.controller.webhookMode }} |
| 73 | - --webhook-mode={{ .Values.controller.webhookMode }} |
| 74 | {{- end }} |
| 75 | env: |
| 76 | {{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }} |
| 77 | - name: METALLB_ML_SECRET_NAME |
| 78 | value: {{ include "metallb.secretName" . }} |
| 79 | - name: METALLB_DEPLOYMENT |
| 80 | value: {{ template "metallb.fullname" . }}-controller |
| 81 | {{- end }} |
| 82 | {{- if .Values.speaker.frr.enabled }} |
| 83 | - name: METALLB_BGP_TYPE |
| 84 | value: frr |
| 85 | {{- end }} |
| 86 | ports: |
| 87 | - name: monitoring |
| 88 | containerPort: {{ .Values.prometheus.metricsPort }} |
| 89 | - containerPort: 9443 |
| 90 | name: webhook-server |
| 91 | protocol: TCP |
| 92 | volumeMounts: |
| 93 | - mountPath: /tmp/k8s-webhook-server/serving-certs |
| 94 | name: cert |
| 95 | readOnly: true |
| 96 | {{- if .Values.controller.livenessProbe.enabled }} |
| 97 | livenessProbe: |
| 98 | httpGet: |
| 99 | path: /metrics |
| 100 | port: monitoring |
| 101 | initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }} |
| 102 | periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }} |
| 103 | timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }} |
| 104 | successThreshold: {{ .Values.controller.livenessProbe.successThreshold }} |
| 105 | failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }} |
| 106 | {{- end }} |
| 107 | {{- if .Values.controller.readinessProbe.enabled }} |
| 108 | readinessProbe: |
| 109 | httpGet: |
| 110 | path: /metrics |
| 111 | port: monitoring |
| 112 | initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }} |
| 113 | periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }} |
| 114 | timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }} |
| 115 | successThreshold: {{ .Values.controller.readinessProbe.successThreshold }} |
| 116 | failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }} |
| 117 | {{- end }} |
| 118 | {{- with .Values.controller.resources }} |
| 119 | resources: |
| 120 | {{- toYaml . | nindent 10 }} |
| 121 | {{- end }} |
| 122 | securityContext: |
| 123 | allowPrivilegeEscalation: false |
| 124 | readOnlyRootFilesystem: true |
| 125 | capabilities: |
| 126 | drop: |
| 127 | - ALL |
| 128 | {{- if .Values.prometheus.secureMetricsPort }} |
| 129 | - name: kube-rbac-proxy |
| 130 | image: {{ .Values.prometheus.rbacProxy.repository }}:{{ .Values.prometheus.rbacProxy.tag }} |
| 131 | imagePullPolicy: {{ .Values.prometheus.rbacProxy.pullPolicy }} |
| 132 | args: |
| 133 | - --logtostderr |
| 134 | - --secure-listen-address=:{{ .Values.prometheus.secureMetricsPort }} |
| 135 | - --upstream=http://127.0.0.1:{{ .Values.prometheus.metricsPort }}/ |
| 136 | - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| 137 | {{- if .Values.prometheus.controllerMetricsTLSSecret }} |
| 138 | - --tls-private-key-file=/etc/metrics/tls.key |
| 139 | - --tls-cert-file=/etc/metrics/tls.crt |
| 140 | {{- end }} |
| 141 | ports: |
| 142 | - containerPort: {{ .Values.prometheus.secureMetricsPort }} |
| 143 | name: metricshttps |
| 144 | resources: |
| 145 | requests: |
| 146 | cpu: 10m |
| 147 | memory: 20Mi |
| 148 | terminationMessagePolicy: FallbackToLogsOnError |
| 149 | {{- if .Values.prometheus.controllerMetricsTLSSecret }} |
| 150 | volumeMounts: |
| 151 | - name: metrics-certs |
| 152 | mountPath: /etc/metrics |
| 153 | readOnly: true |
| 154 | {{- end }} |
| 155 | {{ end }} |
| 156 | nodeSelector: |
| 157 | "kubernetes.io/os": linux |
| 158 | {{- with .Values.controller.nodeSelector }} |
| 159 | {{- toYaml . | nindent 8 }} |
| 160 | {{- end }} |
| 161 | {{- with .Values.controller.affinity }} |
| 162 | affinity: |
| 163 | {{- toYaml . | nindent 8 }} |
| 164 | {{- end }} |
| 165 | {{- with .Values.controller.tolerations }} |
| 166 | tolerations: |
| 167 | {{- toYaml . | nindent 6 }} |
| 168 | {{- end }} |
| 169 | {{- with .Values.controller.priorityClassName }} |
| 170 | priorityClassName: {{ . | quote }} |
| 171 | {{- end }} |
| 172 | volumes: |
| 173 | - name: cert |
| 174 | secret: |
| 175 | defaultMode: 420 |
| 176 | secretName: webhook-server-cert |
| 177 | {{- if .Values.prometheus.controllerMetricsTLSSecret }} |
| 178 | - name: metrics-certs |
| 179 | secret: |
| 180 | secretName: {{ .Values.prometheus.controllerMetricsTLSSecret }} |
| 181 | {{- end }} |
| 182 | {{- end }} |