--- /dev/null
+{{- if .Values.ingress.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ labels:
+ app: gloo
+ gloo: ingress-proxy
+ name: ingress-proxy
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: {{ .Values.ingressProxy.deployment.replicas }}
+ selector:
+ matchLabels:
+ gloo: ingress-proxy
+ template:
+ metadata:
+ labels:
+ gloo: ingress-proxy
+{{- with .Values.ingressProxy.deployment.extraAnnotations }}
+ annotations:
+{{toYaml . | indent 8}}{{- end }}
+ spec:
+ containers:
+ - args: ["--disable-hot-restart"]
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ image: "{{ .Values.ingressProxy.deployment.image.repository }}:{{ .Values.ingressProxy.deployment.image.tag }}"
+ imagePullPolicy: {{ .Values.ingressProxy.deployment.image.pullPolicy }}
+ name: ingress-proxy
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ add:
+ - NET_BIND_SERVICE
+ ports:
+ - containerPort: {{ .Values.ingressProxy.deployment.httpPort }}
+ name: http
+ protocol: TCP
+ - containerPort: {{ .Values.ingressProxy.deployment.httpsPort }}
+ name: https
+ protocol: TCP
+{{- with .Values.ingressProxy.deployment.extraPorts }}
+{{toYaml . | indent 8}}{{- end }}
+ volumeMounts:
+ - mountPath: /etc/envoy
+ name: envoy-config
+ {{- if .Values.ingressProxy.deployment.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.ingressProxy.deployment.image.pullSecret }}{{end}}
+ volumes:
+ - configMap:
+ name: ingress-envoy-config
+ name: envoy-config
+
+{{- end }}
\ No newline at end of file