apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "application-gateway-kubernetes-ingress.fullname" . }} labels: app: {{ template "application-gateway-kubernetes-ingress.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} spec: replicas: 1 # TODO: Make configurable when leader election is supported. selector: matchLabels: app: {{ template "application-gateway-kubernetes-ingress.name" . }} release: {{ .Release.Name }} template: metadata: labels: app: {{ template "application-gateway-kubernetes-ingress.name" . }} release: {{ .Release.Name }} {{- if .Values.armAuth }} {{- if eq .Values.armAuth.type "aadPodIdentity"}} aadpodidbinding: {{ template "application-gateway-kubernetes-ingress.fullname" . }} {{- end }} {{- if eq .Values.armAuth.type "workloadIdentity" }} azure.workload.identity/use: "true" {{- end }} {{- end }} annotations: checksum/config: {{ print .Values | sha256sum }} prometheus.io/scrape: "true" prometheus.io/port: {{ .Values.kubernetes.httpServicePort | quote}} {{- with .Values.kubernetes.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: serviceAccountName: {{ template "application-gateway-kubernetes-ingress.serviceaccountname" . }} {{- if .Values.kubernetes.securityContext }} {{- with .Values.kubernetes.securityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- else }} securityContext: runAsUser: 0 {{- end }} containers: - name: {{ .Chart.Name }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} readinessProbe: httpGet: path: /health/ready port: {{ .Values.kubernetes.httpServicePort }} initialDelaySeconds: 5 periodSeconds: 10 livenessProbe: httpGet: path: /health/alive port: {{ .Values.kubernetes.httpServicePort }} initialDelaySeconds: 15 periodSeconds: 20 {{- with .Values.kubernetes.resources }} resources: {{ toYaml . | indent 10 }} {{- end }} {{- with .Values.kubernetes.containerSecurityContext }} securityContext: {{ toYaml . | indent 10 }} {{- end }} env: - name: AZURE_CLOUD_PROVIDER_LOCATION value: /etc/appgw/azure.json - name: AGIC_POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: AGIC_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace {{- if .Values.armAuth }} {{- if eq .Values.armAuth.type "servicePrincipal"}} - name: AZURE_AUTH_LOCATION value: /etc/Azure/Networking-AppGW/auth/armAuth.json {{- end}} {{- end}} envFrom: - configMapRef: name: {{ template "application-gateway-kubernetes-ingress.configmapname" . }} volumeMounts: - name: azure mountPath: /etc/appgw/ readOnly: true {{- if .Values.armAuth }} {{- if eq .Values.armAuth.type "servicePrincipal"}} - name: networking-appgw-k8s-azure-service-principal-mount mountPath: /etc/Azure/Networking-AppGW/auth readOnly: true {{- end}} {{- end}} {{- if .Values.kubernetes.volumes }} {{- if .Values.kubernetes.volumes.extraVolumeMounts }} {{- toYaml .Values.kubernetes.volumes.extraVolumeMounts | nindent 8 }} {{- end }} {{- end }} volumes: - name: azure hostPath: path: /etc/kubernetes/ type: Directory {{- if .Values.armAuth }} {{- if and (eq .Values.armAuth.type "servicePrincipal") (not .Values.armAuth.existingSecret) }} - name: networking-appgw-k8s-azure-service-principal-mount secret: secretName: networking-appgw-k8s-azure-service-principal {{- end}} {{- if and (eq .Values.armAuth.type "servicePrincipal") (.Values.armAuth.existingSecret) }} - name: networking-appgw-k8s-azure-service-principal-mount secret: secretName: {{ .Values.armAuth.existingSecret }} {{- end}} {{- end}} {{- if .Values.kubernetes.volumes }} {{- if .Values.kubernetes.volumes.extraVolumes }} {{- toYaml .Values.kubernetes.volumes.extraVolumes | nindent 6 }} {{- end }} {{- end }} {{- if .Values.kubernetes.nodeSelector }} {{- with .Values.kubernetes.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end}} {{- else}} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end}} {{- end}} {{- with .Values.kubernetes.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.kubernetes.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: - name: {{ .Values.image.pullSecrets }} {{- end }}