helm-charts/azure-api-management-gateway/templates/deployment.yaml (192 lines of code) (raw):
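{{- /*
Deployment for the Azure API Management gateway.

Security-relevant behaviour of this template:
  * Gateway credentials are not inlined in the pod spec; they are injected
    from a Kubernetes Secret through secretKeyRef.
  * The container and pod securityContext blocks are rendered only when the
    corresponding values are set; this template supplies no hardening
    defaults of its own.
  * The "localsyslog" log type mounts the node's /dev/log socket into the
    container through a hostPath volume.

String-typed values taken from .Values are piped through `quote` so that an
empty or boolean/number-looking value cannot be re-typed by the YAML parser.
*/ -}}
{{- $authenticationType := .Values.gateway.auth.type | required ".Values.gateway.auth.type is required." -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "azure-api-management-gateway.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "azure-api-management-gateway.labels" . | nindent 4 }}
spec:
  {{- /* replicas is omitted when replicaCount is unset, leaving the field to whatever else manages it. */}}
  {{- if not (quote .Values.replicaCount | empty) }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "azure-api-management-gateway.selectorLabels" . | nindent 6 }}
  {{- with .Values.gateway.deployment.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        {{- include "azure-api-management-gateway.labels" . | nindent 8 }}
      {{- if or .Values.dapr.enabled .Values.gateway.deployment.annotations }}
      annotations:
        {{- if .Values.gateway.deployment.annotations -}}
        {{- toYaml .Values.gateway.deployment.annotations | nindent 8 }}
        {{- end }}
        {{- if .Values.dapr.enabled }}
        dapr.io/enabled: "true"
        {{- if .Values.dapr.app.id }}
        dapr.io/app-id: {{ .Values.dapr.app.id | quote }}
        {{- end }}
        dapr.io/config: {{ .Values.dapr.config | quote }}
        dapr.io/log-as-json: {{ .Values.dapr.logging.useJsonOutput | quote }}
        dapr.io/log-level: {{ .Values.dapr.logging.level | quote }}
        {{- end }}
      {{- end }}
    spec:
      {{- with .Values.gateway.deployment.dns.hostAliases }}
      hostAliases:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.gateway.deployment.terminationGracePeriodSeconds }}
      terminationGracePeriodSeconds: {{ .Values.gateway.deployment.terminationGracePeriodSeconds }}
      {{- end }}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- /* Without serviceAccountName the pod runs under the namespace's default service account. */}}
      {{- if .Values.serviceAccountName }}
      serviceAccountName: {{ .Values.serviceAccountName | quote }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- /*
          The tag falls back to the chart appVersion. Tags are mutable and this
          template has no digest field, so what actually runs depends on the
          registry content at pull time and on imagePullPolicy.
          */}}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          env:
            {{- /*
            NOTE(review): only "gatewaytoken" and "azureadapp" are handled below.
            Any other auth type renders no config.service.auth entry from this
            template; confirm it is validated or supplied elsewhere (the
            ConfigMap loaded through envFrom, for instance).
            */}}
            {{- if eq (lower $authenticationType) "gatewaytoken" }}
            - name: config.service.auth
              valueFrom:
                secretKeyRef:
                  {{- if .Values.secret.createSecret }}
                  name: {{ include "azure-api-management-gateway.fullname" . }}
                  {{- else }}
                  {{- /* Fail at render time instead of emitting an empty Secret reference. */}}
                  name: {{ .Values.secret.existingSecretName | required ".Values.secret.existingSecretName is required when .Values.secret.createSecret is false." | quote }}
                  {{- end }}
                  key: gateway-key
            {{- end }}
            {{- if eq (lower $authenticationType) "azureadapp" }}
            - name: config.service.auth
              value: azureAdApp
            - name: config.service.auth.azureAd.clientSecret
              valueFrom:
                secretKeyRef:
                  {{- if .Values.secret.createSecret }}
                  name: {{ include "azure-api-management-gateway.fullname" . }}
                  {{- else }}
                  {{- /* Fail at render time instead of emitting an empty Secret reference. */}}
                  name: {{ .Values.secret.existingSecretName | required ".Values.secret.existingSecretName is required when .Values.secret.createSecret is false." | quote }}
                  {{- end }}
                  key: azure-ad-app-secret
            {{- end }}
            - name: runtime.deployment.mechanism
              value: "Helm"
            - name: runtime.deployment.artifact.version
              value: {{ .Chart.Version | quote }}
            - name: runtime.deployment.artifact.source
              value: "Official"
            - name: runtime.deployment.orchestrator.type
              value: "Kubernetes"
            - name: runtime.deployment.highAvailability.enabled
              value: {{ .Values.highAvailability.enabled | quote }}
            - name: runtime.deployment.dapr.enabled
              value: {{ .Values.dapr.enabled | quote }}
            - name: neighborhood.host
              value: {{ include "azure-api-management-gateway.instanceDiscoveryService" . }}
            {{- /*
            Proxy settings are rendered as plain env values in the pod spec.
            NOTE(review): a proxy URL that embeds credentials would be readable
            by anyone who can view this Deployment; confirm none are passed here.
            */}}
            {{- if .Values.gateway.deployment.network.proxy.http }}
            - name: HTTP_PROXY
              value: {{ .Values.gateway.deployment.network.proxy.http | quote }}
            {{- end }}
            {{- if .Values.gateway.deployment.network.proxy.https }}
            - name: HTTPS_PROXY
              value: {{ .Values.gateway.deployment.network.proxy.https | quote }}
            {{- end }}
            {{- if .Values.gateway.deployment.network.proxy.bypass }}
            - name: NO_PROXY
              value: {{ .Values.gateway.deployment.network.proxy.bypass | quote }}
            {{- end }}
          envFrom:
            - configMapRef:
                name: {{ include "azure-api-management-gateway.fullname" . }}
          ports:
            - name: http
              containerPort: 8080
            - name: https
              containerPort: 8081
            # Container port used for rate limiting to discover instances
            - name: rate-limit-dc
              protocol: UDP
              containerPort: {{ .Values.service.ports.instance.synchronization }}
            # Container port used for instances to send heartbeats to each other
            - name: dc-heartbeat
              protocol: UDP
              containerPort: {{ .Values.service.ports.instance.heartbeat }}
          readinessProbe:
            {{- toYaml .Values.probes.readiness | nindent 12 }}
          livenessProbe:
            {{- toYaml .Values.probes.liveness | nindent 12 }}
          startupProbe:
            {{- toYaml .Values.probes.startup | nindent 12 }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- /* Container-level securityContext is emitted only when .Values.securityContext is set. */}}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if or (.Values.gateway.configuration.backup.enabled) (eq (lower .Values.observability.logs.local.type) "localsyslog") }}
          volumeMounts:
            {{- if .Values.gateway.configuration.backup.enabled }}
            - mountPath: /apim/config
              name: {{ include "azure-api-management-gateway.fullname" . }}
            {{- end }}
            {{- if eq (lower .Values.observability.logs.local.type) "localsyslog" }}
            {{- $localsyslogEndpoint := .Values.observability.logs.local.localsyslog.endpoint | required "No endpoint for localsyslog was specified in observability.logs.local.localsyslog.endpoint." }}
            {{- /* In-container path at which the node's syslog socket (the "logs" volume) is exposed. */}}
            - mountPath: {{ $localsyslogEndpoint | quote }}
              name: logs
            {{- end }}
          {{- end }}
      {{- /* Pod-level securityContext is emitted only when .Values.podSecurityContext is set. */}}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
      {{- if .Values.highAvailability.enabled }}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: {{ .Values.highAvailability.podTopologySpread.whenUnsatisfiable | quote }}
          labelSelector:
            matchLabels:
              {{- include "azure-api-management-gateway.selectorLabels" . | nindent 14 }}
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if or (eq (lower .Values.observability.logs.local.type) "localsyslog") (.Values.gateway.configuration.backup.enabled) }}
      volumes:
        {{- if .Values.gateway.configuration.backup.enabled }}
        - name: {{ include "azure-api-management-gateway.fullname" . }}
          persistentVolumeClaim:
            {{- if .Values.gateway.configuration.backup.persistentVolumeClaim.create }}
            claimName: {{ include "azure-api-management-gateway.fullname" . }}
            {{- else }}
            {{- /* Fail at render time instead of emitting an empty claim name. */}}
            claimName: {{ .Values.gateway.configuration.backup.persistentVolumeClaim.existingName | required ".Values.gateway.configuration.backup.persistentVolumeClaim.existingName is required when persistentVolumeClaim.create is false." | quote }}
            {{- end }}
        {{- end }}
        {{- if eq (lower .Values.observability.logs.local.type) "localsyslog" }}
        {{- /*
        hostPath gives the container access to the node's syslog socket.
        hostPath volumes are forbidden by the Kubernetes Pod Security Standards
        "baseline" and "restricted" profiles, so this log type needs a namespace
        whose admission policy allows them. `type: Socket` makes the kubelet
        refuse the mount unless /dev/log already exists as a UNIX socket.
        */}}
        - hostPath:
            path: /dev/log
            type: Socket
          name: logs
        {{- end }}
      {{- end }}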