provider-deployment.yaml 6.0 KB

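  {{- /*
Provider Deployments: renders one apps/v1 Deployment for every entry of
.Values.providers.list whose own "enabled" flag is set, and only when
.Values.providers.enabled is set. Each entry is first passed through the
"external-secrets.provider.mergeDefaults" helper (defined elsewhere in the
chart); every $provider lookup below reads that merged result.
*/}}
{{- if .Values.providers.enabled }}
{{- range .Values.providers.list }}
{{- if .enabled }}
{{- /* Inside range "." is the list entry; "$" is still the chart root, so it is kept for the helpers. */}}
{{- $root := $ }}
{{- $provider := include "external-secrets.provider.mergeDefaults" (dict "provider" . "root" $root) | fromYaml }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "external-secrets.provider.fullname" (dict "provider" $provider "root" $root) }}
  namespace: {{ include "external-secrets.namespace" $root }}
  labels:
    {{- include "external-secrets.provider.labels" (dict "provider" $provider "root" $root) | nindent 4 }}
  {{- with $root.Values.commonAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- /* replicas is left out when autoscaling is enabled; presumably an autoscaler rendered elsewhere owns the count (confirm). */}}
  {{- if not (and $provider.autoscaling $provider.autoscaling.enabled) }}
  replicas: {{ $provider.replicaCount | default 2 }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "external-secrets.provider.selectorLabels" (dict "provider" $provider "root" $root) | nindent 6 }}
  template:
    metadata:
      {{- /* Emit the key only when there is something to put under it, instead of a bare (null) annotations key. */}}
      {{- with $provider.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "external-secrets.provider.selectorLabels" (dict "provider" $provider "root" $root) | nindent 8 }}
        {{- with $provider.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with $provider.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "external-secrets.provider.serviceAccountName" (dict "provider" $provider "root" $root) }}
      {{- if $provider.priorityClassName }}
      priorityClassName: {{ $provider.priorityClassName | quote }}
      {{- end }}
      {{- /*
      The pod-level and the container-level securityContext are both opt-in
      ("enabled" flag). With both off, the container runs with whatever the
      image and the cluster's admission defaults give it. NOTE(review): check
      that the merged provider defaults turn these on with runAsNonRoot,
      allowPrivilegeEscalation: false and dropped capabilities; that cannot be
      confirmed from this template.
      */}}
      {{- if and $provider.podSecurityContext $provider.podSecurityContext.enabled }}
      securityContext:
        {{- include "external-secrets.renderSecurityContext" (dict "securityContext" $provider.podSecurityContext "context" $root) | nindent 8 }}
      {{- end }}
      containers:
      - name: provider
        image: {{ include "external-secrets.provider.image" (dict "provider" $provider "root" $root) }}
        imagePullPolicy: {{ $provider.image.pullPolicy | default "IfNotPresent" }}
        {{- if and $provider.securityContext $provider.securityContext.enabled }}
        securityContext:
          {{- include "external-secrets.renderSecurityContext" (dict "securityContext" $provider.securityContext "context" $root) | nindent 10 }}
        {{- end }}
        args: []
        {{- /* env, volumeMounts and volumes render as bare (null) keys when none of the entries below applies. */}}
        env:
        {{- if and $provider.tls $provider.tls.enabled }}
        - name: TLS_ENABLED
          value: "true"
        - name: TLS_CERT_DIR
          value: {{ $provider.tls.certPath | default "/etc/provider/certs" | quote }}
        {{- end }}
        {{- /*
        Entries of $provider.config become literal env values: they are stored
        in the Deployment object and readable by anyone allowed to get or list
        Deployments in the namespace. Keep credentials out of the config map;
        pass them through extraEnv with valueFrom.secretKeyRef, which toYaml
        below renders verbatim. Names are quoted so that a key such as "on"
        or "no" is not re-typed as a boolean by the YAML parser.
        */}}
        {{- if $provider.config }}
        {{- range $key, $value := $provider.config }}
        - name: {{ $key | upper | replace "." "_" | quote }}
          value: {{ $value | quote }}
        {{- end }}
        {{- end }}
        {{- with $provider.extraEnv }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        ports:
        - name: grpc
          containerPort: {{ $provider.service.port | default 8080 }}
          protocol: TCP
        {{- if and $provider.metrics $provider.metrics.enabled }}
        - name: metrics
          containerPort: {{ $provider.metrics.port | default 8081 }}
          protocol: TCP
        {{- end }}
        {{- /* The probes below address this port by name, and are themselves only rendered when $provider.health is set. */}}
        {{- if $provider.health }}
        - name: health
          containerPort: {{ $provider.health.port | default 8082 }}
          protocol: TCP
        {{- end }}
        {{- if and $provider.health $provider.health.livenessProbe $provider.health.livenessProbe.enabled }}
        livenessProbe:
          httpGet:
            path: /healthz
            port: health
          initialDelaySeconds: {{ $provider.health.livenessProbe.initialDelaySeconds | default 10 }}
          periodSeconds: {{ $provider.health.livenessProbe.periodSeconds | default 20 }}
          timeoutSeconds: {{ $provider.health.livenessProbe.timeoutSeconds | default 5 }}
          failureThreshold: {{ $provider.health.livenessProbe.failureThreshold | default 3 }}
        {{- end }}
        {{- if and $provider.health $provider.health.readinessProbe $provider.health.readinessProbe.enabled }}
        readinessProbe:
          httpGet:
            path: /readyz
            port: health
          initialDelaySeconds: {{ $provider.health.readinessProbe.initialDelaySeconds | default 5 }}
          periodSeconds: {{ $provider.health.readinessProbe.periodSeconds | default 10 }}
          timeoutSeconds: {{ $provider.health.readinessProbe.timeoutSeconds | default 5 }}
          failureThreshold: {{ $provider.health.readinessProbe.failureThreshold | default 3 }}
        {{- end }}
        {{- with $provider.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
        {{- if and $provider.tls $provider.tls.enabled }}
        - name: provider-certs
          mountPath: {{ $provider.tls.certPath | default "/etc/provider/certs" | quote }}
          readOnly: true
        {{- end }}
        {{- with $provider.extraVolumeMounts }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      volumes:
      {{- /*
      The Secret name is fixed, so every provider Deployment with TLS enabled
      mounts the same certificate and private key (tls.key); a compromise of
      one provider pod exposes the key used by all of them. This template does
      not create the Secret: it has to come from another part of the chart or
      from the operator.
      */}}
      {{- if and $provider.tls $provider.tls.enabled }}
      - name: provider-certs
        secret:
          secretName: "external-secrets-provider-tls"
          items:
          - key: tls.crt
            path: tls.crt
          - key: tls.key
            path: tls.key
          - key: ca.crt
            path: ca.crt
      {{- end }}
      {{- with $provider.extraVolumes }}
      {{- toYaml . | nindent 6 }}
      {{- end }}
      {{- with $provider.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $provider.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $provider.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with $provider.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}
{{- end }}
{{- end }}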