sdsys
/
openvpn


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
							apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "openvpn.fullname" . }}
  labels:
    {{- include "openvpn.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "openvpn.selectorLabels" . | nindent 6 }}
  template:
    metadata:
    {{- with .Values.openvpn.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      labels:
        {{- include "openvpn.selectorLabels" . | nindent 8 }}
    spec:
      securityContext:
        sysctls:
        - name: net.ipv4.ip_forward
          value: "1"
      {{- if .Values.registry_secret_data }}
      imagePullSecrets:
      - name: {{ include "openvpn.fullname" . }}-registry-secret
      {{- end }}
#      hostNetwork: true
      {{- if .Values.openvpn.scripts.initscript }}
      initContainers:
        - name: {{ .Chart.Name }}-init
          image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
          command: ["/scripts/initscript"]
          volumeMounts:
            - name: scripts
              mountPath: /scripts/
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - MKNOD
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- if .Values.openvpn.scripts.startscript }}
          command: ["/scripts/startscript"]
          {{- end }}
          {{- if .Values.openvpn.scripts.healthcheck }}
          livenessProbe:
            exec:
              command:
              - /scripts/healthcheck
            initialDelaySeconds: 20
            periodSeconds: 60
            failureThreshold: 5
          {{- end }}
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - MKNOD
          image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
          env:
            - name: TZ
              value: Europe/Moscow          
          resources:
            {{- toYaml .Values.openvpn.resources | nindent 12 }}
          volumeMounts:
            - name: keys
              mountPath: /etc/openvpn/keys/
            - name: ccd
              mountPath: /etc/openvpn/ccd/
            - name: configuration
              mountPath: /etc/openvpn/configuration/
            {{- if .Values.openvpn.scripts }}
            - name: scripts
              mountPath: /scripts/
            {{- end }}
        {{- if .Values.openvpn.scripts.stopscript }}
        - name: {{ .Chart.Name }}-stop
          image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
          imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
          command: ["sleep","infinity"]
          lifecycle:
            preStop:
              exec:
                command: ["/bin/bash","-c","/scripts/stopscript"]
          volumeMounts:
            - name: scripts
              mountPath: /scripts/
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - MKNOD
        {{- end }}
      volumes:
      - name: keys
        secret:
          secretName: {{ include "openvpn.fullname" . }}-keys
      - name: ccd
        configMap: 
          name: {{ include "openvpn.fullname" . }}-ccd
      - name: configuration
        configMap:
          name: {{ include "openvpn.fullname" . }}-configuration
      {{- if .Values.openvpn.scripts }}
      - name: scripts
        configMap:
          name: {{ include "openvpn.fullname" . }}-scripts
          defaultMode: 0755
      {{- end }}