blob: 2c2d346e8c315a6bc5b5476ca105c5c4f8b11eb8 [file] [log] [blame]
# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
#
# SPDX-License-Identifier: Apache-2.0
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "subscriber-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
name: {{ template "subscriber-proxy.fullname" . }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "subscriber-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
name: {{ template "subscriber-proxy.fullname" . }}
{{- include "subscriber-proxy.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: subscriber-proxy
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 6 }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OIDC_SERVER_URL
value: {{ .Values.config.openidc.issuer }}
args:
- "/usr/local/bin/subscriber-proxy"
- "-bind_port=:{{ .Values.config.port }}"
- "-client_key=/etc/subscriber-proxy/certs/tls.key"
- "-client_crt=/etc/subscriber-proxy/certs/tls.crt"
- "-ca_crt=/etc/subscriber-proxy/certs/tls.cacert"
- "-alsologtostderr"
- "-hostCheckDisabled"
- "-webconsole_url=http://{{ .Values.config.webui_endpt.addr}}:{{ .Values.config.webui_endpt.port}}"
- "-onos_config_url={{ .Values.config.aether_config_endpt.addr}}:{{ .Values.config.aether_config_endpt.port}}"
ports:
- containerPort: {{.Values.config.port}}
readinessProbe:
tcpSocket:
port: {{ .Values.config.port }}
initialDelaySeconds: 5
periodSeconds: 10
livenessProbe:
tcpSocket:
port: {{ .Values.config.port }}
initialDelaySeconds: 15
periodSeconds: 20
volumeMounts:
- name: secret
mountPath: /etc/subscriber-proxy/certs
readOnly: true
- name: logconfig
mountPath: /etc/onos/config
readOnly: true
volumes:
- name: logconfig
configMap:
name: {{ template "subscriber-proxy.fullname" . }}-logconfig
- name: secret
secret:
secretName: {{ template "subscriber-proxy.fullname" . }}-secret