Google Git
Sign in
apache / apisix-helm-chart / 57783ea813e5d90aa44d7f42788a24c99b29d40d / . / charts / apisix / templates / _pod.tpl
blob: 56773494692cfe005ffcaf6fe62bcd9fc4003d4d [file] [log] [blame]
{{- define "apisix.podTemplate" -}}
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.apisix.podAnnotations }}
{{ tpl (toYaml .) $ | nindent 4}}
{{- end }}
labels:
{{- include "apisix.selectorLabels" . | nindent 4 }}
spec:
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- range $.Values.global.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "apisix.serviceAccountName" . }}
{{- with .Values.apisix.podSecurityContext }}
securityContext:
{{- . | toYaml | nindent 4 }}
{{- end }}
{{- with .Values.apisix.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.apisix.securityContext }}
securityContext:
{{- . | toYaml | nindent 8 }}
{{- end }}
image: "{{ .Values.apisix.image.repository }}:{{ default .Chart.AppVersion .Values.apisix.image.tag }}"
imagePullPolicy: {{ .Values.apisix.image.pullPolicy }}
env:
{{- if .Values.apisix.timezone }}
- name: TZ
value: {{ .Values.apisix.timezone }}
{{- end }}
{{- if .Values.apisix.extraEnvVars }}
{{- include "apisix.tplvalues.render" (dict "value" .Values.apisix.extraEnvVars "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.admin.credentials.secretName }}
- name: APISIX_ADMIN_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.admin.credentials.secretName | quote }}
key: {{ include "apisix.admin.credentials.secretAdminKey" . }}
- name: APISIX_VIEWER_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.admin.credentials.secretName | quote }}
key: {{ include "apisix.admin.credentials.secretViewerKey" . }}
{{- end }}
{{- if and (not .Values.etcd.enabled) .Values.etcd.existingSecret }}
- name: APISIX_ETCD_USER
valueFrom:
secretKeyRef:
name: {{ .Values.etcd.existingSecret | quote }}
key: {{ include "apisix.etcd.credentials.userKey" . }}
- name: APISIX_ETCD_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.etcd.existingSecret | quote }}
key: {{ include "apisix.etcd.credentials.passwordKey" . }}
{{- end }}
{{- if and .Values.etcd.enabled .Values.etcd.auth.rbac.existingSecret }}
- name: APISIX_ETCD_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.etcd.auth.rbac.existingSecret | quote }}
key: {{ include "apisix.etcd.auth.rbac.passwordKey" . }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.gateway.http.containerPort }}
protocol: TCP
{{- range .Values.gateway.http.additionalContainerPorts }}
- name: http-{{ .port | toString }}
containerPort: {{ .port }}
protocol: TCP
{{- end }}
- name: tls
containerPort: {{ .Values.gateway.tls.containerPort }}
protocol: TCP
{{- range .Values.gateway.tls.additionalContainerPorts }}
- name: tls-{{ .port | toString }}
containerPort: {{ .port }}
protocol: TCP
{{- end }}
{{- if .Values.admin.enabled }}
- name: admin
containerPort: {{ .Values.admin.port }}
protocol: TCP
{{- end }}
{{- if .Values.serviceMonitor.enabled }}
- name: prometheus
containerPort: {{ .Values.serviceMonitor.containerPort }}
protocol: TCP
{{- end }}
{{- if and .Values.gateway.stream.enabled (or (gt (len .Values.gateway.stream.tcp) 0) (gt (len .Values.gateway.stream.udp) 0)) }}
{{- with .Values.gateway.stream }}
{{- if (gt (len .tcp) 0) }}
{{- range $index, $port := .tcp }}
- name: proxy-tcp-{{ $index | toString }}
{{- if kindIs "map" $port }}
containerPort: {{ splitList ":" ($port.addr | toString) | last }}
{{- else }}
containerPort: {{ $port }}
{{- end }}
protocol: TCP
{{- end }}
{{- end }}
{{- if (gt (len .udp) 0) }}
{{- range $index, $port := .udp }}
- name: proxy-udp-{{ $index | toString }}
containerPort: {{ $port }}
protocol: UDP
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if ne .Values.deployment.role "control_plane" }}
readinessProbe:
{{- toYaml .Values.apisix.readinessProbe | nindent 8 }}
{{- end }}
lifecycle:
preStop:
exec:
command:
- /bin/sh
- -c
- "sleep 30"
volumeMounts:
{{- if .Values.apisix.setIDFromPodUID }}
- mountPath: /usr/local/apisix/conf/apisix.uid
name: id
subPath: apisix.uid
{{- end }}
- mountPath: /usr/local/apisix/conf/config.yaml
name: apisix-config
subPath: config.yaml
{{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- mountPath: /usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}
name: ssl
subPath: {{ .Values.gateway.tls.certCAFilename }}
{{- end }}
{{- if .Values.etcd.auth.tls.enabled }}
- mountPath: /etcd-ssl
name: etcd-ssl
{{- end }}
{{- if .Values.customPlugins.enabled }}
{{- range $plugin := .Values.customPlugins.plugins }}
{{- range $mount := $plugin.configMap.mounts }}
{{- if ne $plugin.configMap.name "" }}
- mountPath: {{ $mount.path }}
name: plugin-{{ $plugin.configMap.name }}
subPath: {{ $mount.key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.apisix.luaModuleHook.enabled }}
{{- range $mount := .Values.apisix.luaModuleHook.configMapRef.mounts }}
- mountPath: {{ $mount.path }}
name: lua-module-hook
subPath: {{ $mount.key }}
{{- end }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- toYaml .Values.extraVolumeMounts | nindent 8 }}
{{- end }}
resources:
{{- toYaml .Values.apisix.resources | nindent 8 }}
{{- if .Values.apisix.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
hostNetwork: {{ .Values.apisix.hostNetwork }}
initContainers:
{{- if .Values.etcd.enabled }}
- name: wait-etcd
image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }}
{{- if .Values.etcd.fullnameOverride }}
command: ['sh', '-c', "until nc -z {{ .Values.etcd.fullnameOverride }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
{{ else }}
command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{ .Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{ .Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
{{- end }}
{{- with .Values.initContainer.securityContext }}
securityContext:
{{- . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.extraInitContainers }}
{{- toYaml .Values.extraInitContainers | nindent 4 }}
{{- end }}
volumes:
- configMap:
name: {{ include "apisix.fullname" . }}
name: apisix-config
{{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
- secret:
secretName: {{ .Values.gateway.tls.existingCASecret | quote }}
name: ssl
{{- end }}
{{- if .Values.etcd.auth.tls.enabled }}
- secret:
secretName: {{ .Values.etcd.auth.tls.existingSecret | quote }}
name: etcd-ssl
{{- end }}
{{- if .Values.apisix.setIDFromPodUID }}
- downwardAPI:
items:
- path: "apisix.uid"
fieldRef:
fieldPath: metadata.uid
name: id
{{- end }}
{{- if .Values.customPlugins.enabled }}
{{- range $plugin := .Values.customPlugins.plugins }}
{{- if ne $plugin.configMap.name "" }}
- name: plugin-{{ $plugin.configMap.name }}
configMap:
name: {{ $plugin.configMap.name }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.apisix.luaModuleHook.enabled }}
- name: lua-module-hook
configMap:
name: {{ .Values.apisix.luaModuleHook.configMapRef.name }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- toYaml .Values.extraVolumes | nindent 4 }}
{{- end }}
{{- with .Values.apisix.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.apisix.affinity }}
affinity:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.apisix.tolerations }}
tolerations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.apisix.topologySpreadConstraints }}
topologySpreadConstraints:
{{- tpl (. | toYaml) $ | nindent 4 }}
{{- end }}
{{- end -}}