support custom CA bundle for the api-server
[arvados-k8s.git] / charts / arvados / templates / api-server-deployment.yaml
1 # Copyright (C) The Arvados Authors. All rights reserved.
2 #
3 # SPDX-License-Identifier: Apache-2.0
4
5 apiVersion: apps/v1
6 kind: Deployment
7 metadata:
8   name: "arvados-api-server"
9   labels:
10     app: arvados-api-server
11     chart: {{ template "arvados.chart" . }}
12     release: {{ .Release.Name }}
13     heritage: {{ .Release.Service }}
14 spec:
15   selector:
16     matchLabels:
17       app: arvados-api-server
18       release: {{ .Release.Name }}
19   template:
20     metadata:
21       labels:
22         app: arvados-api-server
23         release: {{ .Release.Name }}
24     spec:
25       containers:
26         - name: arvados-api-server
27           image: "cure/arvados-rails-runtime"
28           imagePullPolicy: {{ .Values.image.pullPolicy }}
29           command:
30             - "sh"
31             - "-c"
32             - "install /init-scripts/*.sh /etc/my_init.d && /usr/local/bin/bootstrap.sh arvados-api-server={{ .Values.arvados.versions.distribution.arvadosApiServer }} && cd /var/www/arvados-api/current && exec /sbin/my_init"
33           env:
34             - name: RAILS_ENV
35               value: "production"
36           volumeMounts:
37             - name: api-server-configmap
38               mountPath: /init-scripts/90-init-db.sh
39               subPath: 90-init-db.sh
40             - name: api-server-configmap
41               mountPath: /etc/arvados/api/database.yml
42               subPath: database.yml
43             - name: etc-configmap
44               mountPath: /etc/arvados/config.yml
45               subPath: config.yml
46             - name: api-server-configmap
47               mountPath: /create-workbench-api-client.rb
48               subPath: create-workbench-api-client.rb
49             - name: api-server-configmap
50               mountPath: /etc/nginx/sites-enabled/api-server.conf
51               subPath: nginx.conf
52             {{- if .Values.customCABundle }}
53             - name: custom-ca-bundle-volume
54               mountPath: /etc/ssl/certs/ca-certificates.crt
55               subPath: custom-ca-bundle.pem
56             {{- end }}
57         - name: arvados-controller
58           image: "cure/arvados-runtime"
59           imagePullPolicy: {{ .Values.image.pullPolicy }}
60           command:
61             - "sh"
62             - "-c"
63             - "/usr/local/bin/bootstrap.sh arvados-controller={{ .Values.arvados.versions.distribution.arvadosController }} && arvados-controller"
64           volumeMounts:
65             - name: etc-configmap
66               mountPath: /etc/arvados/config.yml
67               subPath: config.yml
68         - name: nginx
69           image: "nginx:1.17"
70           imagePullPolicy: {{ .Values.image.pullPolicy }}
71           volumeMounts:
72             - name: nginx-configmap
73               mountPath: /etc/nginx/conf.d/default.conf
74               subPath: nginx.conf
75             - name: ssl-configmap
76               mountPath: /etc/nginx/ssl.crt
77               subPath: cert
78             - name: ssl-configmap
79               mountPath: /etc/nginx/ssl.key
80               subPath: key
81       volumes:
82         - name: api-server-configmap
83           configMap:
84             name: arvados-api-server-configmap
85         - name: etc-configmap
86           configMap:
87             name: etc-configmap
88         - name: ssl-configmap
89           configMap:
90             name: ssl-configmap
91         - name: nginx-configmap
92           configMap:
93             name: arvados-api-server-https-configmap
94         {{- if .Values.customCABundle }}
95         - name: custom-ca-bundle-volume
96           configMap:
97             name: custom-ca-bundle-configmap
98         {{- end }}