WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-11 18:36:53 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
04dcafe578f9cd6d98ad525529341b35f424ad4e
fedora-infra_ansible/roles/openshift-apps/openvpn/templates/deployment.yml.j2
Nils Philippsen 6c85fda0c9 Mass remove/replace iad2 -> rdu3, 10.3. -> 10.16. 
Signed-off-by: Nils Philippsen <nils@redhat.com>
2025-07-03 20:05:02 +02:00

100 lines
3.0 KiB
Django/Jinja
Raw Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openvpn-client
annotations:
image.openshift.io/triggers: '[{"from":{"kind":"ImageStreamTag","name":"openvpn:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"setup\")].image"},{"from":{"kind":"ImageStreamTag","name":"openvpn:latest"},"fieldPath":"spec.template.spec.containers[?(@.name==\"openvpn\")].image"}]'
spec:
{% if datacenter == 'rdu3' %}
replicas: {{ ocp_nodes_rdu3 | length }}
{% else %}
replicas: {{ ocp_nodes | length }}
{% endif %}
selector:
matchLabels:
app: openvpn-client
strategy:
type: Recreate
template:
metadata:
labels:
app: openvpn-client
spec:
initContainers:
- name: setup
image: image-registry.openshift-image-registry.svc:5000/openvpn-client/openvpn:latest
command: ["/bin/bash", "-c"]
args:
- >
set -e;
cp -v /ssl/${NODENAME}.crt /config/ssl/client.crt;
cp -v /ssl/${NODENAME}.key /config/ssl/client.key;
cp -v /ssl/ca.crt /config/ssl/;
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /ssl
name: all-certs
- mountPath: /config/ssl
name: openvpn-ssl
containers:
- image: image-registry.openshift-image-registry.svc:5000/openvpn/openvpn:latest
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
add: ["NET_ADMIN"]
name: openvpn
volumeMounts:
- mountPath: /config/ssl
name: openvpn-ssl
- mountPath: /config/openvpn.conf
name: openvpn-config
readOnly: true
subPath: openvpn.conf
- mountPath: /dev/net/tun
readOnly: true
name: tun-device
hostNetwork: true
restartPolicy: Always
serviceAccount: openvpn
serviceAccountName: openvpn
terminationGracePeriodSeconds: 5
volumes:
- name: all-certs
secret:
secretName: openvpn-certs
defaultMode: 0400
- configMap:
name: openvpn-config
name: openvpn-config
- name: tun-device
hostPath:
path: /dev/net/tun
- name: openvpn-ssl
emptyDir: {}
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- openvpn-client
topologyKey: "kubernetes.io/hostname"
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: ingresscontroller.operator.openshift.io/deployment-ingresscontroller
operator: In
values:
- default
topologyKey: "kubernetes.io/hostname"
namespaces:
- openshift-ingress
Reference in New Issue View Git Blame Copy Permalink