447a51f08b
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
136 lines
4.9 KiB
YAML
136 lines
4.9 KiB
YAML
{{ if eq (include "role" .) "host" }}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: ks-apiserver
|
|
tier: backend
|
|
version: {{ .Chart.AppVersion }}
|
|
name: ks-apiserver
|
|
namespace: kubesphere-system
|
|
spec:
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
type: RollingUpdate
|
|
replicas: {{ if .Values.ha.enabled }} 3 {{ else }} 1 {{ end }}
|
|
selector:
|
|
matchLabels:
|
|
app: ks-apiserver
|
|
tier: backend
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ks-apiserver
|
|
tier: backend
|
|
annotations:
|
|
# force restart ks-apiserver after the upgrade is complete if kubesphere-config changes
|
|
checksum/config: {{ include (print $.Template.BasePath "/kubesphere-config.yaml") . | sha256sum }}
|
|
spec:
|
|
serviceAccountName: {{ template "ks-core.serviceAccountName" . }}
|
|
{{- include "apiserver.imagePullSecrets" . | nindent 6 }}
|
|
affinity:
|
|
{{- with .Values.affinity }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
podAntiAffinity:
|
|
{{- if .Values.apiserver.hardAntiAffinity }}
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app: ks-apiserver
|
|
topologyKey: kubernetes.io/hostname
|
|
namespaces:
|
|
- {{ .Release.Namespace | quote }}
|
|
{{- else }}
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app: ks-apiserver
|
|
topologyKey: kubernetes.io/hostname
|
|
namespaces:
|
|
- {{ .Release.Namespace | quote }}
|
|
{{- end }}
|
|
{{- if .Values.nodeSelector }}
|
|
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.tolerations }}
|
|
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: ks-apiserver
|
|
image: {{ template "ks-apiserver.image" . }}
|
|
imagePullPolicy: {{ .Values.apiserver.image.pullPolicy }}
|
|
{{- if .Values.apiserver.containerPorts }}
|
|
ports: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.containerPorts "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.apiserver.command }}
|
|
command: {{- include "common.tplvalues.render" (dict "value" .Values.apiserver.command "context" $) | nindent 12 }}
|
|
{{- if .Values.internalTLS }}
|
|
- --secure-port=9090
|
|
- --tls-private-key=/etc/kubesphere/pki/tls.key
|
|
- --tls-cert-file=/etc/kubesphere/pki/tls.crt
|
|
{{- end }}
|
|
{{- end }}
|
|
env:
|
|
{{- if .Values.apiserver.extraEnvVars }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraEnvVars "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.apiserver.resources }}
|
|
resources: {{- toYaml .Values.apiserver.resources | nindent 12 }}
|
|
{{- end }}
|
|
livenessProbe:
|
|
failureThreshold: 8
|
|
httpGet:
|
|
path: /version
|
|
port: 9090
|
|
{{- if .Values.internalTLS }}
|
|
scheme: HTTPS
|
|
{{- else }}
|
|
scheme: HTTP
|
|
{{- end }}
|
|
initialDelaySeconds: 15
|
|
timeoutSeconds: 15
|
|
volumeMounts:
|
|
- mountPath: /etc/kubesphere/
|
|
name: kubesphere-config
|
|
- mountPath: /etc/localtime
|
|
name: host-time
|
|
readOnly: true
|
|
{{- if .Values.apiserver.extraVolumeMounts }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumeMounts "context" $) | nindent 12 }}
|
|
{{- end }}
|
|
{{- if .Values.internalTLS }}
|
|
- name: tls-cert
|
|
mountPath: /etc/kubesphere/pki/
|
|
{{- end }}
|
|
{{ if .Values.ha.enabled }}
|
|
env:
|
|
- name: KUBESPHERE_CACHE_OPTIONS_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: redis-secret
|
|
key: auth
|
|
{{ end }}
|
|
volumes:
|
|
- configMap:
|
|
defaultMode: 420
|
|
name: kubesphere-config
|
|
name: kubesphere-config
|
|
- hostPath:
|
|
path: /etc/localtime
|
|
type: ""
|
|
name: host-time
|
|
{{- if .Values.apiserver.extraVolumes }}
|
|
{{- include "common.tplvalues.render" (dict "value" .Values.apiserver.extraVolumes "context" $) | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.internalTLS }}
|
|
- name: tls-cert
|
|
secret:
|
|
secretName: ks-apiserver-tls-certs
|
|
defaultMode: 420
|
|
{{- end }}
|
|
{{ end }} |