apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "ovpn-admin-chart.fullname" . }} labels: {{- include "ovpn-admin-chart.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: {{- include "ovpn-admin-chart.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "ovpn-admin-chart.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "ovpn-admin-chart.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: openvpn securityContext: {{- toYaml .Values.openvpnSecurityContext | nindent 12 }} image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }} command: [ '/entrypoint.sh' ] ports: - name: openvpn-tcp protocol: TCP containerPort: 1194 volumeMounts: - name: tmp mountPath: /tmp - name: dev-net mountPath: /dev/net - name: certs mountPath: /etc/openvpn/certs - name: ccd mountPath: /etc/openvpn/ccd - name: config mountPath: /etc/openvpn/openvpn.conf subPath: openvpn.conf readOnly: true - name: entrypoint mountPath: /entrypoint.sh subPath: entrypoint.sh readOnly: true resources: {{- toYaml .Values.resources | nindent 12 }} - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.openvpnAdminSecurityContext | nindent 12 }} image: "{{ .Values.openvpnAdmin.image.repository }}:{{ .Values.openvpnAdmin.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.openvpnAdmin.image.pullPolicy }} command: - /bin/sh - -c - /app/ovpn-admin --storage.backend="kubernetes.secrets" --listen.host="0.0.0.0" --listen.port="8000" --role="master" {{- if eq .Values.service.openvpn.connectionType "LoadBalancer" }} --ovpn.server.behindLB --ovpn.service="openvpn-external" {{- end }} --mgmt=main="127.0.0.1:8989" --ccd --ccd.path="/mnt/ccd" --easyrsa.path="/mnt/certs" {{- $externalHost := "" }} {{- if eq .Values.service.openvpn.connectionType "ExternalIP" }}{{ $externalHost = .Values.service.openvpn.externalIP }}{{- end }} {{- if ((.Values.service.openvpn).externalHost) }}{{ $externalHost = .Values.service.openvpn.externalHost }}{{- end }} {{- if ne $externalHost "" }} --ovpn.server="{{ $externalHost }}:{{ .Values.openvpn.externalPort | default 5416 | quote }}:tcp" {{- end }} ports: - name: http containerPort: 8000 protocol: TCP volumeMounts: - name: certs mountPath: /mnt/certs - name: ccd mountPath: /mnt/ccd resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: tmp emptyDir: {} - name: dev-net emptyDir: {} - name: certs emptyDir: {} - name: ccd emptyDir: {} - name: config configMap: name: openvpn defaultMode: 0644 - name: entrypoint configMap: name: openvpn defaultMode: 0755 {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}