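{{- /*
Deployment for wg-access-server.

Security-relevant points visible in this template:
  * The container adds NET_ADMIN and mounts the node's /dev/net/tun through a
    hostPath volume. Both are rejected by the Kubernetes "baseline" and
    "restricted" Pod Security Standards, so the target namespace has to
    permit them.
  * The WireGuard private key and the admin credentials reach the process as
    environment variables sourced from a Secret: .Values.config.existingSecret
    when set, otherwise the Secret named after the release fullname.
  * The rollout checksum annotation hashes configmap.yaml only.
*/ -}}
{{- $fullName := include "wg-access-server.fullname" . -}}
{{- $secretName := .Values.config.existingSecret | default $fullName -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "wg-access-server.fullname" . }}
  labels:
    {{- include "wg-access-server.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicas }}
  strategy:
    # Defaults to Recreate when persistence is enabled and to RollingUpdate
    # otherwise; .Values.strategy.type overrides either default.
    {{- if .Values.persistence.enabled }}
    type: {{ .Values.strategy.type | default "Recreate" | quote }}
    {{- else }}
    type: {{ .Values.strategy.type | default "RollingUpdate" | quote }}
    {{- end }}
  selector:
    matchLabels:
      {{- include "wg-access-server.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        # Changes the pod template whenever the rendered ConfigMap changes,
        # which triggers a rollout. Secret contents are not part of this hash,
        # so rotating the Secret alone does not restart the pods.
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
      labels:
        {{- include "wg-access-server.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            # NOTE(review): only NET_ADMIN is added; the runtime's default
            # capabilities are not dropped, and allowPrivilegeEscalation,
            # runAsNonRoot and readOnlyRootFilesystem are left unset. Tighten
            # after confirming what the server process actually needs.
            capabilities:
              add: ['NET_ADMIN']
          # Image is referenced by tag (default: the chart appVersion), not by
          # digest.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 8000
              protocol: TCP
            - name: wireguard
              containerPort: 51820
              protocol: UDP
          env:
            # Each credential variable is emitted only when the matching chart
            # value is set; the value itself is read from the Secret selected
            # above and is never inlined into this manifest.
            # NOTE(review): with config.existingSecret the gates below still key
            # on the chart values being non-empty - confirm that is the intended
            # way to enable them, since it invites duplicating the secret into
            # values.
            {{- if .Values.wireguard.config.privateKey }}
            - name: WG_WIREGUARD_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  name: "{{ $secretName }}"
                  key: privateKey
            {{- end }}
            {{- if .Values.web.config.adminUsername }}
            - name: WG_ADMIN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: "{{ $secretName }}"
                  key: adminUsername
            {{- end }}
            {{- if .Values.web.config.adminPassword }}
            - name: WG_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ $secretName }}"
                  key: adminPassword
            {{- end }}
            {{- if .Values.config.csiSecretsStore }}
            - name: WG_CONFIG
              value: /secrets/config.yaml
            {{- end }}
          volumeMounts:
            - name: tun
              mountPath: /dev/net/tun
            - name: data
              mountPath: /data
            # The config volume is either the CSI secrets-store mount (whole
            # directory at /secrets) or a single file projected from the
            # ConfigMap. A subPath mount is not refreshed when the ConfigMap
            # changes; the checksum annotation covers that with a rollout.
            {{- if .Values.config.csiSecretsStore }}
            - name: config
              mountPath: /secrets
            {{- else }}
            - name: config
              mountPath: /config.yaml
              subPath: config.yaml
            {{- end }}
          readinessProbe:
            httpGet:
              path: /health
              port: http
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        # Node's TUN character device. The CharDevice type makes the mount fail
        # when the path is missing or is not a character device.
        - name: tun
          hostPath:
            type: 'CharDevice'
            path: /dev/net/tun
        # Server state: a PVC when persistence is enabled, otherwise an emptyDir
        # whose contents are lost when the pod is removed.
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default $fullName | quote }}
        {{- else }}
          emptyDir: {}
        {{- end }}
        {{- if .Values.config.csiSecretsStore }}
        - name: config
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              # NOTE(review): the SecretProviderClass name is fixed, so a class
              # called app-secrets must exist in the release namespace and is
              # shared by every release installed there.
              secretProviderClass: app-secrets
        {{- else }}
        - name: config
          configMap:
            name: "{{ $fullName }}"
        {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}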