# # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "apisix-ingress-controller.fullname" . }} namespace: {{ .Release.Namespace }} annotations: {{- range $key, $value := .Values.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} labels: {{- include "apisix-ingress-controller.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: {{- include "apisix-ingress-controller.selectorLabels" . | nindent 6 }} {{- with .Values.updateStrategy }} strategy: {{ toYaml . | nindent 4 }} {{- end }} template: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{- range $key, $value := $.Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} labels: {{- include "apisix-ingress-controller.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} serviceAccountName: {{ include "apisix-ingress-controller.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - name: configuration configMap: name: {{ .Release.Name }}-configmap items: - key: config.yaml path: config.yaml {{ if .Values.config.etcdserver.enabled }} - name: apisix-config configMap: name: {{ .Release.Name }}-gw-configmap {{ end }} {{ if not .Values.config.etcdserver.enabled }} initContainers: - name: wait-apisix-admin image: {{ .Values.initContainer.image }}:{{ .Values.initContainer.tag }} {{ if .Values.config.apisix.serviceFullname }} command: ['sh', '-c', "until nc -z {{ .Values.config.apisix.serviceFullname }} {{ .Values.config.apisix.servicePort }} ; do echo waiting for apisix-admin; sleep 2; done;"] {{ else }} command: ['sh', '-c', "until nc -z {{ .Values.config.apisix.serviceName }}.{{ .Values.config.apisix.serviceNamespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.config.apisix.servicePort }} ; do echo waiting for apisix-admin; sleep 2; done;"] {{ end}} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} {{ end }} containers: - name: {{ .Chart.Name }} command: - /ingress-apisix/apisix-ingress-controller - ingress - --config-path - /ingress-apisix/conf/config.yaml securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ (.Values.config.httpListen | split ":")._1 }} protocol: TCP {{ if .Values.config.etcdserver.enabled }} - name: etcd containerPort: 12379 protocol: TCP {{ end }} livenessProbe: httpGet: path: /healthz port: {{ (.Values.config.httpListen | split ":")._1 }} readinessProbe: httpGet: path: /healthz port: {{ (.Values.config.httpListen | split ":")._1 }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - mountPath: /ingress-apisix/conf/config.yaml name: configuration subPath: config.yaml env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name {{- if .Values.config.apisix.existingSecret }} - name: DEFAULT_CLUSTER_ADMIN_KEY valueFrom: secretKeyRef: name: {{ .Values.config.apisix.existingSecret | quote }} key: {{ include "apisix-ingress-controller.credentials.secretAdminKey" . }} {{- end }} {{ if .Values.config.etcdserver.enabled }} - name: apisix image: "{{ .Values.config.etcdserver.image.repository }}:{{ .Values.config.etcdserver.image.tag }}" imagePullPolicy: {{ .Values.config.etcdserver.image.pullPolicy }} ports: - name: http containerPort: 9080 protocol: TCP - name: http-admin containerPort: 9180 protocol: TCP - name: https containerPort: {{ .Values.gateway.tls.containerPort }} protocol: TCP {{- if .Values.serviceMonitor.enabled }} - containerPort: 9091 name: prometheus protocol: TCP {{- end }} resources: {{- toYaml .Values.gateway.resources | nindent 12 }} securityContext: {{- toYaml .Values.gateway.securityContext | nindent 12 }} volumeMounts: - name: apisix-config mountPath: /usr/local/apisix/conf/config.yaml subPath: config.yaml {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- tpl (. | toYaml) $ | nindent 8 }} {{- end }}