54 lines
1.8 KiB
YAML
54 lines
1.8 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ include "cloudflare-tunnel-remote.fullname" . }}
|
|
labels:
|
|
{{- include "cloudflare-tunnel-remote.labels" . | nindent 4 }}
|
|
spec:
|
|
replicas: {{ .Values.replicaCount }}
|
|
selector:
|
|
matchLabels:
|
|
pod: cloudflared
|
|
template:
|
|
metadata:
|
|
creationTimestamp: null
|
|
annotations:
|
|
# These are here so the deployment rolls when the config or secret change.
|
|
checksum/secret: {{ .Values.cloudflare.tunnel_token | sha256sum }}
|
|
{{- with .Values.podAnnotations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
pod: cloudflared
|
|
spec:
|
|
serviceAccountName: {{ include "cloudflare-tunnel-remote.fullname" . }}
|
|
containers:
|
|
- name: cloudflared
|
|
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default "latest" }}"
|
|
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
|
command:
|
|
- cloudflared
|
|
- tunnel
|
|
# We can regulate the cloudflared version via an image tag.
|
|
- --no-autoupdate
|
|
# In a k8s environment, the metrics server needs to listen outside the pod it runs on.
|
|
# The address 0.0.0.0:2000 allows any pod in the namespace.
|
|
- --metrics
|
|
- 0.0.0.0:2000
|
|
- run
|
|
env:
|
|
- name: TUNNEL_TOKEN
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: {{ include "cloudflare-tunnel-remote.fullname" . }}
|
|
key: tunnelToken
|
|
livenessProbe:
|
|
httpGet:
|
|
# Cloudflared has a /ready endpoint which returns 200 if and only if
|
|
# it has an active connection to the edge.
|
|
path: /ready
|
|
port: 2000
|
|
failureThreshold: 1
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|