linkerd
/
linkerd2
mirror of https://github.com/linkerd/linkerd2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linkerd2/charts/linkerd2-multicluster/templates/gateway.yaml

147 lines
4.5 KiB
YAML
Raw Blame History

{{if .Values.gateway -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{.Values.gatewayName}}-config
labels:
{{.Values.controllerComponentLabel}}: gateway
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
namespace: {{.Values.namespace}}
data:
nginx.conf: |-
error_log stderr;
pid /tmp/nginx.pid;
events {
}
stream {
server {
listen 4180;
proxy_pass 127.0.0.1:{{.Values.proxyOutboundPort}};
}
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen {{.Values.gatewayProbePort}};
location = {{.Values.gatewayProbePath}} {
access_log off;
return 200 "healthy\n";
}
location ~* ^/(.*)$ {
deny all;
}
}
server {
listen {{.Values.gatewayLocalProbePort}};
location {{.Values.gatewayLocalProbePath}} {
access_log off;
return 200 "healthy\n";
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
labels:
app.kubernetes.io/name: gateway
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{.Values.linkerdVersion}}
{{.Values.controllerComponentLabel}}: gateway
app: {{.Values.gatewayName}}
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
spec:
replicas: 1
selector:
matchLabels:
app: {{.Values.gatewayName}}
template:
metadata:
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
linkerd.io/inject: enabled
config.linkerd.io/proxy-require-identity-inbound-ports: "{{.Values.gatewayProbePort}},{{.Values.gatewayPort}},4180"
config.linkerd.io/enable-gateway: "true"
labels:
app: {{.Values.gatewayName}}
spec:
volumes:
- name: config
configMap:
name: {{.Values.gatewayName}}-config
- name: tmp
emptyDir: {}
containers:
- name: nginx
readinessProbe:
failureThreshold: 7
httpGet:
path: {{.Values.gatewayLocalProbePath}}
port: {{.Values.gatewayLocalProbePort}}
livenessProbe:
httpGet:
path: {{.Values.gatewayLocalProbePath}}
port: {{.Values.gatewayLocalProbePort}}
initialDelaySeconds: 10
image: {{.Values.gatewayNginxImage}}:{{.Values.gatewayNginxImageVersion}}
ports:
- name: mc-relay
containerPort: 4180
- name: mc-probe
containerPort: {{.Values.gatewayProbePort}}
- name: local-probe
containerPort: {{.Values.gatewayLocalProbePort}}
securityContext:
runAsUser: 1001
volumeMounts:
- name: config
mountPath: /etc/nginx
- name: tmp
mountPath: /tmp
serviceAccountName: {{.Values.gatewayName}}
---
apiVersion: v1
kind: Service
metadata:
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
annotations:
mirror.linkerd.io/gateway-identity: {{.Values.gatewayName}}.{{.Values.namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}}
mirror.linkerd.io/probe-period: "{{.Values.gatewayProbeSeconds}}"
mirror.linkerd.io/probe-path: {{.Values.gatewayProbePath}}
mirror.linkerd.io/multicluster-gateway: "true"
{{.Values.controllerComponentLabel}}: gateway
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
{{- with .Values.gatewayServiceAnnotations }}{{ toYaml . | trim | nindent 4 }}{{- end }}
spec:
ports:
- name: mc-gateway
port: {{.Values.gatewayPort}}
protocol: TCP
- name: mc-probe
port: {{.Values.gatewayProbePort}}
protocol: TCP
selector:
app: {{.Values.gatewayName}}
type: {{ .Values.gatewayServiceType }}
{{- if .Values.loadBalancerIP }}
loadBalancerIP: {{ .Values.loadBalancerIP }}
{{- end }}
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
{{end -}}
Reference in New Issue View Git Blame Copy Permalink