123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 |
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: {{ include "openvpn.fullname" . }}
- labels:
- {{- include "openvpn.labels" . | nindent 4 }}
- spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "openvpn.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.openvpn.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "openvpn.selectorLabels" . | nindent 8 }}
- spec:
- securityContext:
- sysctls:
- - name: net.ipv4.ip_forward
- value: "1"
- {{- if .Values.registry_secret_data }}
- imagePullSecrets:
- - name: {{ include "openvpn.fullname" . }}-registry-secret
- {{- end }}
- # hostNetwork: true
- {{- if .Values.openvpn.scripts.initscript }}
- initContainers:
- - name: {{ .Chart.Name }}-init
- image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
- imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
- command: ["/scripts/initscript"]
- volumeMounts:
- - name: scripts
- mountPath: /scripts/
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - MKNOD
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- {{- if .Values.openvpn.scripts.startscript }}
- command: ["/scripts/startscript"]
- {{- end }}
- {{- if .Values.openvpn.scripts.healthcheck }}
- livenessProbe:
- exec:
- command:
- - /scripts/healthcheck
- initialDelaySeconds: 20
- periodSeconds: 60
- failureThreshold: 5
- {{- end }}
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - MKNOD
- image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
- imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
- env:
- - name: TZ
- value: Europe/Moscow
- resources:
- {{- toYaml .Values.openvpn.resources | nindent 12 }}
- volumeMounts:
- - name: keys
- mountPath: /etc/openvpn/keys/
- - name: ccd
- mountPath: /etc/openvpn/ccd/
- - name: configuration
- mountPath: /etc/openvpn/configuration/
- {{- if .Values.openvpn.scripts }}
- - name: scripts
- mountPath: /scripts/
- {{- end }}
- {{- if .Values.openvpn.scripts.stopscript }}
- - name: {{ .Chart.Name }}-stop
- image: "{{ .Values.openvpn.image }}:{{ .Values.openvpn.tag | default "latest" }}"
- imagePullPolicy: {{ .Values.openvpn.pullPolicy }}
- command: ["sleep","infinity"]
- lifecycle:
- preStop:
- exec:
- command: ["/bin/bash","-c","/scripts/stopscript"]
- volumeMounts:
- - name: scripts
- mountPath: /scripts/
- securityContext:
- capabilities:
- add:
- - NET_ADMIN
- - MKNOD
- {{- end }}
- volumes:
- - name: keys
- secret:
- secretName: {{ include "openvpn.fullname" . }}-keys
- - name: ccd
- configMap:
- name: {{ include "openvpn.fullname" . }}-ccd
- - name: configuration
- configMap:
- name: {{ include "openvpn.fullname" . }}-configuration
- {{- if .Values.openvpn.scripts }}
- - name: scripts
- configMap:
- name: {{ include "openvpn.fullname" . }}-scripts
- defaultMode: 0755
- {{- end }}
|