{{ if eq (include "role" .) "host" }} apiVersion: apps/v1 kind: Deployment metadata: labels: app: ks-apiserver tier: backend version: {{ .Chart.AppVersion }} name: ks-apiserver namespace: kubesphere-system spec: strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate replicas: {{ if .Values.ha.enabled }} 3 {{ else }} 1 {{ end }} selector: matchLabels: app: ks-apiserver tier: backend template: metadata: labels: app: ks-apiserver tier: backend annotations: # force restart ks-apiserver after the upgrade is complete if kubesphere-config changes checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }} spec: serviceAccountName: {{ template "ks-core.serviceAccountName" . }} {{- include "apiserver.imagePullSecrets" . | nindent 6 }} affinity: {{- with .Values.affinity }} {{- toYaml . | nindent 8 }} {{- end }} podAntiAffinity: {{- if .Values.apiserver.hardAntiAffinity }} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app: ks-apiserver topologyKey: kubernetes.io/hostname namespaces: - {{ .Release.Namespace | quote }} {{- else }} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchLabels: app: ks-apiserver topologyKey: kubernetes.io/hostname namespaces: - {{ .Release.Namespace | quote }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} {{- end }} containers: - name: ks-apiserver image: {{ template "ks-apiserver.image" . }} imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }} {{- if .Values.apiserver.containerPorts }} ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }} {{- end }} {{- if .Values.apiserver.command }} command: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.command "context" $) | nindent 12 }} {{- if .Values.internalTLS }} - --secure-port=9090 - --tls-private-key=/etc/kubesphere/pki/tls.key - --tls-cert-file=/etc/kubesphere/pki/tls.crt {{- end }} {{- end }} env: {{- if .Values.apiserver.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraEnvVars "context" $) | nindent 12 }} {{- end }} {{- if .Values.apiserver.resources }} resources: {{- toYaml .Values.apiserver.resources | nindent 12 }} {{- end }} livenessProbe: failureThreshold: 8 httpGet: path: /version port: 9090 {{- if .Values.internalTLS }} scheme: HTTPS {{- else }} scheme: HTTP {{- end }} initialDelaySeconds: 15 timeoutSeconds: 15 volumeMounts: - mountPath: /etc/kubesphere/ name: kubesphere-config - mountPath: /etc/localtime name: host-time readOnly: true {{- if .Values.apiserver.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} {{- if .Values.internalTLS }} - name: tls-cert mountPath: /etc/kubesphere/pki/ {{- end }} {{ if .Values.ha.enabled }} env: - name: KUBESPHERE_CACHE_OPTIONS_PASSWORD valueFrom: secretKeyRef: name: redis-secret key: auth {{ end }} volumes: - configMap: defaultMode: 420 name: kubesphere-config name: kubesphere-config - hostPath: path: /etc/localtime type: "" name: host-time {{- if .Values.apiserver.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumes "context" $) | nindent 8 }} {{- end }} {{- if .Values.internalTLS }} - name: tls-cert secret: secretName: ks-apiserver-tls-certs defaultMode: 420 {{- end }} {{ end }}