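{{/*
mender.tenantadmPodTemplate renders the pod template (metadata and spec) for
the tenantadm container.

Expected context (a dict):
  .dot            - context whose .Values this template reads
  .migration      - when non-empty, render the migration variant: the
                    container is named "tenantadm-migration", no probes and no
                    RSA key volume are rendered, and the "-prerelease" default
                    secret names are used
  .restartPolicy  - optional; emitted as spec.restartPolicy when set
  .args           - optional; takes precedence over .Values.tenantadm.args
  .extraResources - optional; passed to "mender.resources" together with the
                    default and tenantadm resources
*/}}
{{- define "mender.tenantadmPodTemplate" -}}
metadata:
  {{- with .dot.Values.tenantadm.podAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    {{- include "mender.labels" . | nindent 4 }}
spec:
  serviceAccountName: {{ include "mender.serviceAccountName" . }}
  {{- /* Scheduling: a tenantadm-specific value wins over the chart-wide default. */}}
  {{- with (coalesce .dot.Values.tenantadm.affinity .dot.Values.default.affinity) }}
  affinity: {{ toYaml . | nindent 4 }}
  {{- end }}
  {{- with (coalesce .dot.Values.tenantadm.tolerations .dot.Values.default.tolerations) }}
  tolerations: {{ toYaml . | nindent 4 }}
  {{- end }}
  {{- /*
    Pod-level securityContext is emitted only when podSecurityContext.enabled
    is true; the "enabled" flag itself is stripped before rendering. When it is
    false this template sets no pod securityContext at all.
  */}}
  {{- if .dot.Values.tenantadm.podSecurityContext.enabled }}
  securityContext: {{- omit .dot.Values.tenantadm.podSecurityContext "enabled" | toYaml | nindent 4 }}
  {{- end }}
  {{- with .restartPolicy }}
  restartPolicy: {{ quote . }}
  {{- end }}
  containers:
  - name: {{ ternary "tenantadm" "tenantadm-migration" (empty .migration) | quote }}
    image: {{ include "mender.image" . }}
    imagePullPolicy: {{ include "mender.imagePullPolicy" . }}
    {{- /*
      Container-level securityContext follows the same opt-in pattern as the
      pod-level one: nothing is rendered unless containerSecurityContext.enabled
      is true.
    */}}
    {{- if .dot.Values.tenantadm.containerSecurityContext.enabled }}
    securityContext: {{- omit .dot.Values.tenantadm.containerSecurityContext "enabled" | toYaml | nindent 6 }}
    {{- end }}
    {{- with include "mender.resources" (list .dot.Values.default.resources .dot.Values.tenantadm.resources .extraResources )}}
    resources: {{- nindent 6 . }}
    {{- end }}
    {{- /* Caller-supplied .args replace, rather than extend, the values-file args. */}}
    {{- if .args }}
    args: {{- toYaml .args | nindent 6 }}
    {{- else if .dot.Values.tenantadm.args }}
    args: {{- toYaml .dot.Values.tenantadm.args | nindent 6 }}
    {{- end }}
    {{- /*
      Probes are rendered for the long-running service only, not for the
      migration variant. Readiness and liveness both receive the same
      "mender.probesOverrides" output; the startup probe takes no overrides.
    */}}
    {{- if (not .migration) }}
    # Readiness/liveness probes
    readinessProbe:
      httpGet:
        path: /api/internal/v1/tenantadm/health
        port: 8080
      periodSeconds: 15
      {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.tenantadm.probesOverrides ) }}
      {{- nindent 6 . }}
      {{- end }}
    livenessProbe:
      httpGet:
        path: /api/internal/v1/tenantadm/alive
        port: 8080
      periodSeconds: 5
      {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.tenantadm.probesOverrides ) }}
      {{- nindent 6 . }}
      {{- end }}
    startupProbe:
      httpGet:
        path: /api/internal/v1/tenantadm/alive
        port: 8080
      failureThreshold: 36
      periodSeconds: 5
    {{- end }}
    {{- /*
      The "rsa" secret volume is mounted read-only, and only for the
      non-migration pod when certs.key or certs.existingSecret is set.
      NOTE(review): mountSecrets.volumeMounts is rendered inside this same
      guard, so it is skipped whenever the RSA mount is skipped; confirm that
      coupling is intended.
    */}}
    {{- if and (not .migration)
               .dot.Values.tenantadm.certs
               (or .dot.Values.tenantadm.certs.key
                   .dot.Values.tenantadm.certs.existingSecret)
    }}
    volumeMounts:
    - name: rsa
      mountPath: "/etc/tenantadm/rsa/"
      readOnly: true
    {{- with .dot.Values.tenantadm.mountSecrets }}
    {{- toYaml .volumeMounts | nindent 4 }}
    {{- end }}
    {{- end }}
    env:
    - name: TENANTADM_MIDDLEWARE
      value: {{ .dot.Values.tenantadm.env.TENANTADM_MIDDLEWARE | quote }}
    - name: TENANTADM_SERVER_PRIV_KEY_PATH
      value: {{ .dot.Values.tenantadm.env.TENANTADM_SERVER_PRIV_KEY_PATH | quote }}
    {{- /*
      Peer service endpoints are rendered as plain http:// URLs built from each
      service's name and port; this template adds no transport encryption to
      those calls. NOTE(review): confirm that in-cluster traffic protection, if
      required, is provided elsewhere (for example network policy or a mesh).
    */}}
    - name: TENANTADM_DEPLOYMENTS_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.deployments.service.name .dot.Values.deployments.service.port | quote }}
    - name: TENANTADM_DEVICEAUTH_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.device_auth.service.name .dot.Values.device_auth.service.port | quote }}
    - name: TENANTADM_INVENTORY_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.inventory.service.name .dot.Values.inventory.service.port | quote }}
    - name: TENANTADM_ORCHESTRATOR_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.workflows.service.name .dot.Values.workflows.service.port | quote }}
    - name: TENANTADM_USERADM_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.useradm.service.name .dot.Values.useradm.service.port | quote }}
    {{- if and .dot.Values.auditlogs.enabled .dot.Values.global.enterprise }}
    - name: TENANTADM_AUDITLOGS_ADDR
      value: {{ printf "http://%s:%v" .dot.Values.auditlogs.service.name .dot.Values.auditlogs.service.port | quote }}
    {{- end }}
    - name: TENANTADM_RECAPTCHA_URL_VERIFY
      value: {{ .dot.Values.tenantadm.env.TENANTADM_RECAPTCHA_URL_VERIFY | quote }}
    - name: TENANTADM_DEFAULT_API_LIMITS
      value: {{ .dot.Values.tenantadm.env.TENANTADM_DEFAULT_API_LIMITS | quote }}
    {{- /* Self-service sign-up is switched on only when global.hosted is set. */}}
    {{- if .dot.Values.global.hosted }}
    - name: TENANTADM_ENABLE_SELF_SERVICE_SIGN_UP
      value: {{ .dot.Values.global.hosted | quote }}
    {{- end }}
    {{- include "mender.customEnvs" (merge (deepCopy .dot.Values.tenantadm) (deepCopy (default (dict) .dot.Values.default))) | nindent 4 }}
    # Supported configuration settings: https://github.com/mendersoftware/tenantadm/blob/master/config.yaml
    # Set in order, last value for the key will be used in case duplications.
    {{- /*
      Every key of the referenced secret is injected as a TENANTADM_-prefixed
      environment variable, so its values are readable from the container's
      environment. The secret name is global.mongodb.existingSecret when set,
      otherwise a chart default chosen by .migration. The name is quoted so a
      digits-only value still renders as a YAML string.
    */}}
    envFrom:
    - prefix: TENANTADM_
      secretRef:
        name: {{ .dot.Values.global.mongodb.existingSecret | default (ternary "mongodb-common" "mongodb-common-prerelease" (empty .migration)) | quote }}
  {{- with (coalesce .dot.Values.tenantadm.nodeSelector .dot.Values.default.nodeSelector) }}
  nodeSelector: {{ toYaml . | nindent 4 }}
  {{- end }}
  {{- /*
    Volume definitions mirror the volumeMounts guard above: the "rsa" volume is
    backed by certs.existingSecret when given, else by the secret named
    "rsa-tenantadm". mountSecrets.volumes is likewise rendered only inside this
    guard.
  */}}
  {{- if and (not .migration)
             .dot.Values.tenantadm.certs
             (or .dot.Values.tenantadm.certs.key
                 .dot.Values.tenantadm.certs.existingSecret)
  }}
  volumes:
  - name: rsa
    secret:
      {{- with .dot.Values.tenantadm.certs }}
      {{- if .existingSecret }}
      secretName: {{ .existingSecret | quote }}
      {{- else }}
      secretName: rsa-tenantadm
      {{- end }}
      {{- end }}
  {{- with .dot.Values.tenantadm.mountSecrets }}
  {{- toYaml .volumes | nindent 2 }}
  {{- end }}
  {{- end }}
  {{- /*
    Registry credentials: when global.image.username is set, the pod references
    the secret named "docker-registry" (or "docker-registry-prerelease" for the
    migration variant); otherwise user-supplied imagePullSecrets are used, with
    the tenantadm value taking precedence over the default.
  */}}
  {{- if and .dot.Values.global.image .dot.Values.global.image.username }}
  imagePullSecrets:
  - name: {{ ternary "docker-registry" "docker-registry-prerelease" (empty .migration) | quote }}
  {{- else }}
  {{- $ips := coalesce .dot.Values.tenantadm.imagePullSecrets .dot.Values.default.imagePullSecrets }}
  {{- if $ips }}
  imagePullSecrets:
    {{- toYaml $ips | nindent 4}}
  {{- end }}
  {{- end }}
  {{- $pcn := coalesce .dot.Values.tenantadm.priorityClassName .dot.Values.global.priorityClassName -}}
  {{- if $pcn }}
  priorityClassName: {{ $pcn | quote }}
  {{- end }}
{{- end }}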