[GENERAL] Allow different port for svc and pod

[oom.git] / kubernetes / common / common / templates / _pod.tpl

diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index 9329572..b38a7f1 100644 (file)
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -19,10 +19,12 @@
   Will use first ".Values.service.ports" list.
   Will append ports from ".Values.service.headlessPorts" only if port number is
   not already in port list.
   Will use first ".Values.service.ports" list.
   Will append ports from ".Values.service.headlessPorts" only if port number is
   not already in port list.

+  Will add tls port AND plain port if both_tls_and_plain is set to true

 */}}
 {{- define "common.containerPorts" -}}
 {{-   $ports := default (list) .Values.service.ports }}
 {{-   $portsNumber := list }}
 */}}
 {{- define "common.containerPorts" -}}
 {{-   $ports := default (list) .Values.service.ports }}
 {{-   $portsNumber := list }}

+{{-   $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}

 {{-   range $index, $port := $ports }}
 {{-     $portsNumber = append $portsNumber $port.port }}
 {{-   end }}
 {{-   range $index, $port := $ports }}
 {{-     $portsNumber = append $portsNumber $port.port }}
 {{-   end }}


@@ -31,8 +33,37 @@
 {{-       $ports = append $ports $port }}
 {{-     end }}
 {{-   end }}
 {{-       $ports = append $ports $port }}
 {{-     end }}
 {{-   end }}

+{{- $global := . }}

 {{-   range $index, $port := $ports }}
 {{-   range $index, $port := $ports }}

-- containerPort: {{ $port.port }}
+{{-     if (include "common.needTLS" $global) }}
+- containerPort: {{ default $port.port $port.internal_port }}
+{{-     else }}
+- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }}
+{{-     end }}

   name: {{ $port.name }}
   name: {{ $port.name }}

+{{-     if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain))  }}
+- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
+  name: {{ $port.name }}-plain
+{{-     end }}

 {{-   end }}
 {{- end -}}
 {{-   end }}
 {{- end -}}

+
+{{/*
+   Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+  runAsUser: {{ .Values.securityContext.user_id }}
+  runAsGroup: {{ .Values.securityContext.group_id }}
+  fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+   Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+  readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
+{{- end }}