linkerd2/charts/linkerd2-multicluster/templates/gateway.yaml

121 lines
3.7 KiB
YAML

{{if .Values.gateway -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: linkerd-gateway
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
namespace: {{.Values.namespace}}
data:
nginx.conf: |-
events {
}
stream {
server {
listen {{.Values.gatewayPort}};
proxy_pass 127.0.0.1:{{.Values.proxyOutboundPort}};
}
}
http {
server {
listen {{.Values.gatewayProbePort}};
location {{.Values.gatewayProbePath}} {
access_log off;
return 200 "healthy\n";
}
}
server {
listen {{.Values.gatewayLocalProbePort}};
location {{.Values.gatewayLocalProbePath}} {
access_log off;
return 200 "healthy\n";
}
}
}
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
labels:
app.kubernetes.io/name: gateway
app.kubernetes.io/part-of: Linkerd
app.kubernetes.io/version: {{.Values.linkerdVersion}}
app: {{.Values.gatewayName}}
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
spec:
replicas: 1
selector:
matchLabels:
app: {{.Values.gatewayName}}
template:
metadata:
annotations:
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
linkerd.io/inject: enabled
config.linkerd.io/proxy-require-identity-inbound-ports: "{{.Values.gatewayProbePort}},{{.Values.gatewayPort}}"
labels:
app: {{.Values.gatewayName}}
spec:
volumes:
- name: config
configMap:
name: linkerd-gateway
containers:
- name: nginx
readinessProbe:
failureThreshold: 7
httpGet:
path: {{.Values.gatewayLocalProbePath}}
port: {{.Values.gatewayLocalProbePort}}
livenessProbe:
httpGet:
path: {{.Values.gatewayLocalProbePath}}
port: {{.Values.gatewayLocalProbePort}}
initialDelaySeconds: 10
image: {{.Values.gatewayNginxImage}}:{{.Values.gatewayNginxImageVersion}}
ports:
- name: linkerd-gateway
containerPort: {{.Values.gatewayPort}}
- name: linkerd-gateway-probe
containerPort: {{.Values.gatewayProbePort}}
- name: local-probe
containerPort: {{.Values.gatewayLocalProbePort}}
volumeMounts:
- name: config
mountPath: /etc/nginx
serviceAccountName: {{.Values.gatewayName}}
---
apiVersion: v1
kind: Service
metadata:
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
annotations:
mirror.linkerd.io/gateway-identity: {{.Values.gatewayName}}.{{.Values.namespace}}.serviceaccount.identity.{{.Values.linkerdNamespace}}.{{.Values.identityTrustDomain}}
mirror.linkerd.io/probe-period: "{{.Values.gatewayProbeSeconds}}"
mirror.linkerd.io/probe-path: {{.Values.gatewayProbePath}}
mirror.linkerd.io/multicluster-gateway: "true"
{{.Values.createdByAnnotation}}: {{default (printf "linkerd/helm %s" .Values.linkerdVersion) .Values.cliVersion}}
spec:
ports:
- name: linkerd-gateway
port: {{.Values.gatewayPort}}
protocol: TCP
- name: linkerd-gateway-probe
port: {{.Values.gatewayProbePort}}
protocol: TCP
selector:
app: {{.Values.gatewayName}}
type: LoadBalancer
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{.Values.gatewayName}}
namespace: {{.Values.namespace}}
{{end -}}