mirror of
https://github.com/openappsec/openappsec.git
synced 2025-07-15 15:04:45 +03:00
1367 lines
72 KiB
YAML
1367 lines
72 KiB
YAML
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "isControllerTagValid" . -}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
apiVersion: apps/v1
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (eq .Values.kind "AppSec") }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (eq .Values.controller.kind "DaemonSet") }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
kind: DaemonSet
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
kind: Deployment
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- else if eq .Values.kind "AppSecStateful" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
kind: StatefulSet
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
metadata:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
labels:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "ingress-nginx.labels" . | nindent 4 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
app.kubernetes.io/component: controller
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- with .Values.controller.labels }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
name: {{ include "ingress-nginx.controller.fullname" . }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.annotations }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
annotations: {{ toYaml .Values.controller.annotations | nindent 4 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
spec:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
selector:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
matchLabels:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "ingress-nginx.selectorLabels" . | nindent 6 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
app.kubernetes.io/component: controller
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if not (or .Values.controller.autoscaling.enabled .Values.controller.keda.enabled) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if eq .Values.kind "AppSecStateful" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
serviceName: "open-appsec-stateful-set"
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if or (not (eq .Values.controller.kind "DaemonSet")) (and (eq .Values.kind "AppSecStateful") (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
replicas: {{ .Values.controller.replicaCount }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.updateStrategy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
updateStrategy:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
strategy: {{ toYaml .Values.controller.updateStrategy | nindent 4 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (eq .Values.kind "AppSec") }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
minReadySeconds: {{ .Values.controller.minReadySeconds }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
template:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
metadata:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.podAnnotations }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
annotations:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range $key, $value := .Values.controller.podAnnotations }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
labels:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "ingress-nginx.labels" . | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
app.kubernetes.io/component: controller
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- with .Values.controller.labels }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.podLabels }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml .Values.controller.podLabels | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
spec:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.dnsConfig }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
dnsConfig: {{ toYaml .Values.controller.dnsConfig | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.hostAliases }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostAliases: {{ tpl (toYaml .Values.controller.hostAliases) $ | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.hostname }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostname: {{ toYaml .Values.controller.hostname | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
dnsPolicy: {{ .Values.controller.dnsPolicy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.imagePullSecrets }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.priorityClassName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
priorityClassName: {{ .Values.controller.priorityClassName | quote }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if or .Values.controller.podSecurityContext .Values.controller.sysctls }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
securityContext:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.podSecurityContext }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.sysctls }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
sysctls:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range $sysctl, $value := .Values.controller.sysctls }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ $sysctl | quote }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: {{ $value | quote }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.shareProcessNamespace }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
shareProcessNamespace: {{ .Values.controller.shareProcessNamespace }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containers:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ .Values.appsec.name }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
securityContext:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ toYaml .Values.appsec.securityContext | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $tag := .Values.appsec.image.tag }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.appsec.configMapContent.crowdsec.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $tag = "crowdsec-1.2314-rc1" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- with .Values.appsec.image }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
image: "{{- if .registry }}{{ .registry }}/{{- end }}{{- if .repository }}{{ .repository }}/{{- end }}{{ .image }}{{- if .tag }}:{{ .tag }}{{- end }}{{- if (.digest) -}} @{{.digest}} {{- end }}"
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
command:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- {{ .Values.appsec.command }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
imagePullPolicy: {{ .Values.appsec.image.pullPolicy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
args:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (eq "standalone" .Values.appsec.mode) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- --hybrid-mode
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- --token
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- cp-3fb5c718-5e39-47e6-8d5e-99b4bc5660b74b4b7fc8-5312-451d-a763-aaf7872703c0
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- --token
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- {{ .Values.appsec.agentToken }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end -}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.appsec.customFog.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- --fog
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- {{ .Values.appsec.customFog.fogAddress }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.appsec.proxy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- --proxy
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- {{ .Values.appsec.proxy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
imagePullPolicy: {{ .Values.appsec.image.pullPolicy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
env:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: user_email
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: {{ .Values.appsec.userEmail }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: registered_server
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: "NGINX Server"
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if eq .Values.appsec.playground false }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: SHARED_STORAGE_HOST
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: {{ .Values.appsec.storage.name }}-svc
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: LEARNING_HOST
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: {{ .Values.appsec.learning.name }}-svc
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: PLAYGROUND
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: "true"
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
envFrom:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- configMapRef:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
name: {{ .Values.appsec.configMapName | default "appsec-settings-configmap" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- secretRef:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
name: {{ .Values.appsec.secretName | default "appsec-settings-secret" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
resources:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ toYaml .Values.resources | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
volumeMounts:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: advanced-model
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /advanced-model
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (eq .Values.appsec.persistence.enabled true) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: appsec-conf
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /etc/cp/conf
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: appsec-data
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /etc/cp/data
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ .Values.controller.containerName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $tag := .Values.appsec.nginx.image.tag }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.appsec.configMapContent.crowdsec.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $tag = "1.2303.1-rc1-v1.3.0" }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- with .Values.appsec.nginx.image }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
image: "{{ .repository }}:{{ .tag }}"
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.lifecycle }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
lifecycle: {{ toYaml .Values.controller.lifecycle | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
args:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "ingress-nginx.params" . | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
securityContext: {{ include "controller.containerSecurityContext" . | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
env:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: POD_NAME
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
valueFrom:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
fieldRef:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
fieldPath: metadata.name
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: POD_NAMESPACE
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
valueFrom:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
fieldRef:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
fieldPath: metadata.namespace
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.enableMimalloc }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: LD_PRELOAD
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
value: /usr/local/lib/libmimalloc.so
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraEnvs }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml .Values.controller.extraEnvs | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.startupProbe }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
startupProbe: {{ toYaml .Values.controller.startupProbe | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.livenessProbe }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
livenessProbe: {{ toYaml .Values.controller.livenessProbe | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.readinessProbe }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
readinessProbe: {{ toYaml .Values.controller.readinessProbe | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
ports:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range $key, $value := .Values.controller.containerPort }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ $key }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containerPort: {{ $value }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
protocol: TCP
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if $.Values.controller.hostPort.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostPort: {{ index $.Values.controller.hostPort.ports $key | default $value }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.metrics.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ .Values.controller.metrics.portName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containerPort: {{ .Values.controller.metrics.port }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
protocol: TCP
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.admissionWebhooks.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: webhook
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containerPort: {{ .Values.controller.admissionWebhooks.port }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
protocol: TCP
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range $key, $value := .Values.tcp }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-tcp
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containerPort: {{ $key }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
protocol: TCP
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if $.Values.controller.hostPort.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostPort: {{ $key }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range $key, $value := .Values.udp }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: {{ if $.Values.portNamePrefix }}{{ $.Values.portNamePrefix }}-{{ end }}{{ $key }}-udp
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
containerPort: {{ $key }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
protocol: UDP
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if $.Values.controller.hostPort.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostPort: {{ $key }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
volumeMounts:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: modules
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ if .Values.controller.image.chroot }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /chroot/modules_mount
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ else }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /modules_mount
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.customTemplate.configMapName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- mountPath: /etc/nginx/template
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
name: nginx-template-volume
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
readOnly: true
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.admissionWebhooks.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: webhook-cert
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
mountPath: /usr/local/certificates/
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
readOnly: true
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraVolumeMounts }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- toYaml .Values.controller.extraVolumeMounts | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.resources }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
resources: {{ toYaml .Values.controller.resources | nindent 12 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraContainers }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ toYaml .Values.controller.extraContainers | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (or .Values.controller.extraInitContainers .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
initContainers:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraInitContainers }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ toYaml .Values.controller.extraInitContainers | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraModules }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- range .Values.controller.extraModules }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $containerSecurityContext := .containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "extraModules" (dict "name" .name "image" .image "containerSecurityContext" $containerSecurityContext) | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.opentelemetry.enabled}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- $otelContainerSecurityContext := $.Values.controller.opentelemetry.containerSecurityContext | default $.Values.controller.containerSecurityContext }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ $otelResources := $.Values.controller.opentelemetry.resources | default dict }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- include "extraModules" (dict "name" "opentelemetry" "image" .Values.controller.opentelemetry.image "containerSecurityContext" $otelContainerSecurityContext "distroless" true "resources" $otelResources) | nindent 8}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.hostNetwork }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
hostNetwork: {{ .Values.controller.hostNetwork }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.nodeSelector }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
nodeSelector: {{ toYaml .Values.controller.nodeSelector | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.tolerations }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.affinity }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
affinity: {{ toYaml .Values.controller.affinity | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.topologySpreadConstraints }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
topologySpreadConstraints: {{ tpl (toYaml .Values.controller.topologySpreadConstraints) $ | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
serviceAccountName: {{ template "ingress-nginx.serviceAccountName" . }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules .Values.controller.opentelemetry.enabled) }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
volumes:
|
|
- name: advanced-model
|
|
configMap:
|
|
name: advanced-model-config
|
|
optional: true
|
|
{{- if (and (eq .Values.kind "AppSec") .Values.appsec.persistence.enabled) }}
|
|
- name: appsec-conf
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.appsec.name }}-conf
|
|
- name: appsec-data
|
|
persistentVolumeClaim:
|
|
claimName: {{ .Values.appsec.name }}-data
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (or .Values.controller.extraModules .Values.controller.opentelemetry.enabled)}}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: modules
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
emptyDir: {}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.customTemplate.configMapName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: nginx-template-volume
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
configMap:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
name: {{ .Values.controller.customTemplate.configMapName }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
items:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- key: {{ .Values.controller.customTemplate.configMapKey }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
path: nginx.tmpl
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.admissionWebhooks.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- name: webhook-cert
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
secret:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
secretName: {{ include "ingress-nginx.fullname" . }}-admission
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.admissionWebhooks.certManager.enabled }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
items:
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- key: tls.crt
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
path: cert
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
- key: tls.key
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
path: key
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if .Values.controller.extraVolumes }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{ toYaml .Values.controller.extraVolumes | nindent 8 }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- end }}
|
|
{{- if (and (not (eq .Values.kind "AppSecStateful")) (eq .Values.controller.kind "DaemonSet")) }}
|
|
{{- if (not (eq .Values.kind "Vanilla")) }}
|
|
{{ else }}
|
|
{{- if (and (eq .Values.kind "AppSecStateful") .Values.appsec.persistence.enabled) }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: appsec-conf
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
# Need to create a storage class resource.
|
|
{{- if .Values.appsec.persistence.storageClass }}
|
|
{{- if (eq "-" .Values.appsec.persistence.storageClass) }}
|
|
storageClassName: ""
|
|
{{- else }}
|
|
storageClassName: "{{ .Values.appsec.persistence.storageClass }}"
|
|
{{- end -}}
|
|
{{- end }}
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.appsec.persistence.conf.size | quote }}
|
|
- metadata:
|
|
name: appsec-data
|
|
spec:
|
|
accessModes: [ "ReadWriteOnce" ]
|
|
# Need to create a storage class resource.
|
|
{{- if .Values.appsec.persistence.storageClass }}
|
|
{{- if (eq "-" .Values.appsec.persistence.storageClass) }}
|
|
storageClassName: ""
|
|
{{- else }}
|
|
storageClassName: "{{ .Values.appsec.persistence.storageClass }}"
|
|
{{- end -}}
|
|
{{- end }}
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.appsec.persistence.data.size | quote }}
|
|
{{- end }}
|
|
{{- end }}
|