helm-charts/openldap/templates/deployment.yaml

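# OpenLDAP Deployment template.
# Renders one Deployment running the OpenLDAP image, with optional init
# containers that stage custom LDIF files and TLS material into writable
# volumes before the server starts.
# Values-driven scalars that must be strings (labels, args, secret names) are
# quoted so that a numeric-looking value cannot be re-typed by the YAML parser.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "openldap.fullname" . }}
  labels:
    app: {{ template "openldap.name" . }}
    chart: {{ template "openldap.chart" . }}
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service | quote }}
{{- if .Values.extraLabels }}
{{ toYaml .Values.extraLabels | indent 4 }}
{{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
{{- if .Values.strategy }}
  strategy:
{{ toYaml .Values.strategy | indent 4 }}
{{- end }}
  selector:
    matchLabels:
      app: {{ template "openldap.name" . }}
      release: {{ .Release.Name | quote }}
  template:
    metadata:
      annotations:
        # Hash of the rendered ConfigMap: a config change alters the pod
        # template and therefore rolls the pods.
        # NOTE(review): no equivalent checksum is taken over the Secret
        # referenced by envFrom or the TLS secrets, so rotating those does not
        # restart the pod by itself.
        checksum/configmap-env: {{ include (print $.Template.BasePath "/configmap-env.yaml") . | sha256sum }}
{{- if .Values.customLdifFiles}}
        checksum/configmap-customldif: {{ include (print $.Template.BasePath "/configmap-customldif.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.podAnnotations}}
{{ toYaml .Values.podAnnotations | indent 8}}
{{- end }}
      labels:
        app: {{ template "openldap.name" . }}
        release: {{ .Release.Name | quote }}
    spec:
      {{- if or .Values.customLdifFiles .Values.tls.enabled }}
      initContainers:
      {{- end }}
      {{- if .Values.customLdifFiles }}
      # Copies the read-only ConfigMap LDIF files into a writable emptyDir.
      # NOTE(review): "busybox" carries no tag or digest, so it resolves to a
      # mutable :latest image; pin it so the init step runs a known image.
      - name: {{ .Chart.Name }}-init-ldif
        image: busybox
        command: ['sh', '-c', 'cp /customldif/* /ldifworkingdir']
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
          - name: customldif
            mountPath: /customldif
          - name: ldifworkingdir
            mountPath: /ldifworkingdir
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- end }}
      {{- if .Values.tls.enabled }}
      # Copies everything in the TLS secret (certificate and private key) into
      # the in-memory "certs" volume that the server container mounts.
      # NOTE(review): this container reads the private key and runs an
      # unpinned image; pin busybox by tag or digest.
      - name: {{ .Chart.Name }}-init-tls
        image: busybox
        command: ['sh', '-c', 'cp /tls/* /certs']
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
          - name: tls
            mountPath: /tls
          - name: certs
            mountPath: /certs
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- if .Values.tls.CA.enabled }}
      # Adds the CA certificate from its own secret to the same certs volume.
      # imagePullPolicy is set here to match the two init containers above,
      # which already take it from .Values.image.pullPolicy.
      - name: {{ .Chart.Name }}-init-catls
        image: busybox
        command: ['sh', '-c', 'cp /catls/ca.crt /certs']
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        volumeMounts:
          - name: catls
            mountPath: /catls
          - name: certs
            mountPath: /certs
        resources:
{{ toYaml .Values.initResources | indent 10 }}
      {{- end }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
            - -l
            # Container args must be strings; quoting keeps a numeric log
            # level from being rendered as an integer.
            - {{ .Values.logLevel | quote }}
            {{- if .Values.customLdifFiles }}
            - --copy-service
            {{- end }}
          ports:
            - name: ldap-port
              containerPort: 389
            - name: ssl-ldap-port
              containerPort: 636
          # Every key of the ConfigMap and of the Secret becomes an
          # environment variable of the server process.
          # NOTE(review): presumably the Secret holds the LDAP admin/config
          # passwords; confirm against the secret template, since env vars are
          # visible to anything that can inspect the container's environment.
          envFrom:
            - configMapRef:
                name: {{ template "openldap.fullname" . }}-env
            - secretRef:
                name: {{ template "openldap.secretName" . }}
          volumeMounts:
            # Directory database and slapd configuration share one volume,
            # separated by subPath.
            - name: data
              mountPath: /var/lib/ldap
              subPath: data
            - name: data
              mountPath: /etc/ldap/slapd.d
              subPath: config-data
            {{- if .Values.customLdifFiles }}
            - name: ldifworkingdir
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom
            {{- end }}
            {{- if .Values.tls.enabled }}
            - name: certs
              mountPath: /container/service/slapd/assets/certs
            {{- end }}
          # Renders as an empty "env:" key when TLS is disabled.
          env:
            {{- if .Values.tls.enabled }}
            # File names match the keys copied into the certs volume by the
            # init containers.
            - name: LDAP_TLS_CRT_FILENAME
              value: tls.crt
            - name: LDAP_TLS_KEY_FILENAME
              value: tls.key
            {{- if .Values.tls.CA.enabled }}
            - name: LDAP_TLS_CA_CRT_FILENAME
              value: ca.crt
            {{- end }}
            {{- end }}
          # Both probes only check that port 389 accepts a TCP connection;
          # they do not verify that the directory answers LDAP requests.
          livenessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          readinessProbe:
            tcpSocket:
              port: ldap-port
            initialDelaySeconds: 20
            periodSeconds: 10
            failureThreshold: 10
          resources:
{{ toYaml .Values.resources | indent 12 }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
      volumes:
        {{- if .Values.customLdifFiles }}
        - name: customldif
          configMap:
            name: {{ template "openldap.fullname" . }}-customldif
        - name: ldifworkingdir
          emptyDir: {}
        {{- end }}
        {{- if .Values.tls.enabled }}
        - name: tls
          secret:
            secretName: {{ .Values.tls.secret | quote }}
        {{- if .Values.tls.CA.enabled }}
        - name: catls
          secret:
            secretName: {{ .Values.tls.CA.secret | quote }}
        {{- end }}
        {{- end }}
        # Memory-backed emptyDir: the copied certificate and private key are
        # held in tmpfs rather than written to node disk. Defined even when
        # TLS is disabled.
        - name: certs
          emptyDir:
            medium: Memory
        - name: data
        {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.existingClaim | default (include "openldap.fullname" .) }}
        {{- else }}
          # Without persistence the directory data lives in an emptyDir and
          # is lost when the pod is removed.
          emptyDir: {}
        {{- end -}}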