apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "openvpn.fullname" . }} labels: {{- include "openvpn.labels" . | nindent 4 }} spec: replicas: 1 selector: matchLabels: {{- include "openvpn.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.openvpn.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "openvpn.selectorLabels" . | nindent 8 }} spec: {{- if .Values.registry_secret_data }} imagePullSecrets: - name: {{ include "openvpn.fullname" . }}-registry-secret {{- end }} hostNetwork: true containers: - name: {{ .Chart.Name }} command: ["/scripts/startscript"] {{- if .Values.openvpn.healthcheck }} livenessProbe: exec: command: - /scripts/healthcheck initialDelaySeconds: 20 periodSeconds: 60 failureThreshold: 5 {{- end }} securityContext: capabilities: add: - NET_ADMIN - MKNOD image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}" imagePullPolicy: {{ .Values.openvpn.pullPolicy }} env: - name: TZ value: Europe/Moscow resources: {{- toYaml .Values.openvpn.resources | nindent 12 }} volumeMounts: - name: keys mountPath: /etc/openvpn/keys/ - name: ccd mountPath: /etc/openvpn/ccd/ - name: configuration mountPath: /etc/openvpn/configuration/ - name: scripts mountPath: /scripts/ - name: {{ .Chart.Name }}-stop image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}" imagePullPolicy: {{ .Values.openvpn.pullPolicy }} command: ["sleep","infinity"] lifecycle: preStop: exec: command: ["/bin/bash","-c","/scripts/stopscript"] volumeMounts: - name: scripts mountPath: /scripts/ securityContext: capabilities: add: - NET_ADMIN - MKNOD volumes: - name: keys secret: secretName: {{ include "openvpn.fullname" . }}-keys - name: ccd configMap: name: {{ include "openvpn.fullname" . }}-ccd - name: configuration configMap: name: {{ include "openvpn.fullname" . }}-configuration - name: scripts configMap: name: {{ include "openvpn.fullname" . }}-scripts defaultMode: 0755