diff --git a/idsvr/templates/cluster-conf.yaml b/idsvr/templates/cluster-conf.yaml
index ae7482f..8916ee7 100644
--- a/idsvr/templates/cluster-conf.yaml
+++ b/idsvr/templates/cluster-conf.yaml
@@ -1,3 +1,4 @@
+{{- if not .Values.curity.onlyRuntimeNodes }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -86,4 +87,5 @@ spec:
 configMap:
 name: {{ include "curity.fullname" . }}-cluster-conf-map
 serviceAccountName: {{ include "curity.fullname" . }}-service-account
- restartPolicy: Never
\ No newline at end of file
+ restartPolicy: Never
+{{- end }}
\ No newline at end of file
diff --git a/idsvr/templates/config-backup.yaml b/idsvr/templates/config-backup.yaml
index 75141ba..f6cde65 100644
--- a/idsvr/templates/config-backup.yaml
+++ b/idsvr/templates/config-backup.yaml
@@ -1,4 +1,5 @@
 {{- if .Values.curity.config.backup -}}
+{{- required "\n Admin node need to be running if curity.config.backup is true! use --set curity.config.onlyRuntimeNodes=false" ( .Values.curity.onlyRuntimeNodes ) }}
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/idsvr/templates/deployment-admin.yaml b/idsvr/templates/deployment-admin.yaml
index b4ceba3..151f452 100644
--- a/idsvr/templates/deployment-admin.yaml
+++ b/idsvr/templates/deployment-admin.yaml
@@ -1,4 +1,5 @@
 {{- $root := . -}}
+ {{- if not .Values.curity.onlyRuntimeNodes -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -245,4 +246,5 @@ spec:
 {{- with .Values.tolerations }}
 tolerations:
 {{- toYaml . | nindent 8 }}
- {{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/idsvr/templates/deployment-runtime.yaml b/idsvr/templates/deployment-runtime.yaml
index e4e0645..81401db 100644
--- a/idsvr/templates/deployment-runtime.yaml
+++ b/idsvr/templates/deployment-runtime.yaml
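Review bot: The `required` guard added at the top of config-backup.yaml does not enforce what its message says. Helm's `required` fails only on a nil or empty-string value, so a boolean `onlyRuntimeNodes` (the chart default added in values.yaml is `false`) never trips it, whether true or false, and the value it returns is then written into the rendered manifest ahead of `apiVersion`. The message also names `curity.config.onlyRuntimeNodes` while the value read is `curity.onlyRuntimeNodes`. An explicit check states the intent and fails the render when backup is requested without an admin node: `{{- if .Values.curity.onlyRuntimeNodes }}{{ fail "curity.config.backup requires an admin node; set curity.onlyRuntimeNodes=false" }}{{- end }}`.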
@@ -91,15 +91,18 @@ spec:
 successThreshold: {{ .Values.curity.runtime.readinessProbe.successThreshold }}
 periodSeconds: {{ .Values.curity.runtime.readinessProbe.periodSeconds }}
 initialDelaySeconds: {{ .Values.curity.runtime.readinessProbe.initialDelaySeconds }}
+ {{- if or .Values.curity.runtime.logging.stdout ( not .Values.curity.onlyRuntimeNodes ) .Values.curity.config.configurationSecret .Values.curity.config.configurationConfigMap .Values.curity.config.configuration }}
 volumeMounts:
 {{- if .Values.curity.runtime.logging.stdout }}
 - mountPath: /opt/idsvr/var/log/
 name: log-volume
 {{- end }}
+ {{- if not .Values.curity.onlyRuntimeNodes }}
 - mountPath: /opt/idsvr/etc/init/cluster.xml
 subPath: cluster.xml
 name: cluster-xml
 readOnly: true
+ {{- end }}
 {{- if .Values.curity.config.configurationSecret }}
 - mountPath: /opt/idsvr/etc/init/config.xml
 subPath: config.xml
@@ -130,6 +133,7 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
+ {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- if .Values.curity.runtime.logging.stdout }}
@@ -150,17 +154,20 @@ spec:
 imagePullSecrets:
 - name: {{ .Values.image.pullSecret}}
 {{- end }}
+ {{- if or .Values.curity.runtime.logging.stdout ( ne .Values.curity.onlyRuntimeNodes true ) .Values.curity.config.configurationSecret .Values.curity.config.configurationConfigMap .Values.curity.config.configuration }}
 volumes:
 {{- if .Values.curity.runtime.logging.stdout }}
 - name: log-volume
 emptyDir: {}
 {{- end }}
+ {{- if ne .Values.curity.onlyRuntimeNodes true }}
 - name: cluster-xml
 secret:
 secretName: {{ include "curity.fullname" . }}-cluster-config-xml
 items:
 - key: cluster-{{ .Release.Revision }}.xml
 path: cluster.xml
+ {{- end }}
 {{- if .Values.curity.config.configurationSecret }}
 - name: config
 secret:
@@ -195,6 +202,7 @@ spec:
 path: {{ $confItem.path }}
 {{- end }}
 {{- end }}
+ {{- end }}
 {{- end }}
 {{- with .Values.nodeSelector }}
 nodeSelector:
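Review bot: In deployment-runtime.yaml the `volumeMounts` guards test `not .Values.curity.onlyRuntimeNodes`, but the matching `volumes` guards in the third hunk test `ne .Values.curity.onlyRuntimeNodes true`. The two forms agree only when the value is a real boolean; for an unset value or a string passed with `--set-string` they can diverge or fail to render, and a `cluster-xml` mount without its volume (or the reverse) is not a state the chart should be able to produce. I would use the same expression in all four places, `{{- if not .Values.curity.onlyRuntimeNodes }}`. The outer `or` lists repeat the inner conditions by hand, so a comment above each saying they must be kept in sync with the inner `if` blocks would help the next edit.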
diff --git a/idsvr/templates/ingress.yaml b/idsvr/templates/ingress.yaml
index b221ca9..09bde8b 100644
--- a/idsvr/templates/ingress.yaml
+++ b/idsvr/templates/ingress.yaml
@@ -12,7 +12,7 @@ metadata:
 spec:
 {{- if or .Values.ingress.admin.secretName .Values.ingress.runtime.secretName }}
 tls:
- {{- if .Values.ingress.admin.secretName }}
+ {{- if and .Values.curity.config.uiEnabled ( not .Values.curity.onlyRuntimeNodes ) }}
 - hosts:
 - {{ .Values.ingress.admin.host}}
 secretName: {{ .Values.ingress.admin.secretName }}
@@ -36,7 +36,7 @@ spec:
 port:
 name: http-port
 {{- end }}
- {{- if .Values.curity.config.uiEnabled }}
+ {{- if and .Values.curity.config.uiEnabled ( not .Values.curity.onlyRuntimeNodes ) }}
 - host: {{ .Values.ingress.admin.host }}
 http:
 paths:
diff --git a/idsvr/templates/network.yaml b/idsvr/templates/network.yaml
index 2e0ba65..c79f04b 100644
--- a/idsvr/templates/network.yaml
+++ b/idsvr/templates/network.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.networkpolicy.enabled -}}
+{{- if and .Values.networkpolicy.enabled ( .Values.curity.onlyRuntimeNodes ) -}}
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
 metadata:
diff --git a/idsvr/templates/rbac.yaml b/idsvr/templates/rbac.yaml
index d2c3131..74bf6c2 100644
--- a/idsvr/templates/rbac.yaml
+++ b/idsvr/templates/rbac.yaml
@@ -1,3 +1,4 @@
+{{- if or ( not .Values.curity.onlyRuntimeNodes ) .Values.curity.config.convertKeystore -}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -40,4 +41,5 @@ roleRef:
 name: {{ include "curity.fullname" . }}-create-secret
 subjects:
 - kind: ServiceAccount
- name: {{ include "curity.fullname" . }}-service-account
\ No newline at end of file
+ name: {{ include "curity.fullname" . }}-service-account
+{{- end }}
\ No newline at end of file
diff --git a/idsvr/templates/service-admin.yaml b/idsvr/templates/service-admin.yaml
index afd4370..ef32cc6 100644
--- a/idsvr/templates/service-admin.yaml
+++ b/idsvr/templates/service-admin.yaml
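Review bot: The first ingress.yaml hunk replaces the `.Values.ingress.admin.secretName` test on the admin `tls` entry instead of adding to it. With `ingress.runtime.secretName` set, the UI enabled and no admin secret configured, the entry is now rendered with an empty `secretName:`, and which certificate the admin host is then served with is left to the ingress controller. Keeping the original test alongside the new ones avoids that: `{{- if and .Values.ingress.admin.secretName .Values.curity.config.uiEnabled ( not .Values.curity.onlyRuntimeNodes ) }}`.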
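Review bot: In network.yaml the new condition `and .Values.networkpolicy.enabled ( .Values.curity.onlyRuntimeNodes )` renders the NetworkPolicy only when `onlyRuntimeNodes` is true, whereas every other guard in this commit tests the negated flag. With the chart default of `false`, an install that already sets `networkpolicy.enabled=true` would lose its policy on upgrade, and nothing in the render tells the operator. The policy body is outside the hunk, so the intent is inferred: if the policy protects the admin node the test is presumably `{{- if and .Values.networkpolicy.enabled ( not .Values.curity.onlyRuntimeNodes ) -}}`, and if it also covers runtime nodes the original condition should stay unchanged.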
@@ -1,3 +1,4 @@ +{{- if not .Values.curity.onlyRuntimeNodes -}} apiVersion: v1 kind: Service metadata: @@ -34,4 +35,4 @@ spec: app.kubernetes.io/name: {{ include "curity.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} role: {{ include "curity.fullname" . }}-admin - \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/idsvr/values.yaml b/idsvr/values.yaml index 55d6b75..4f3210a 100644 --- a/idsvr/values.yaml +++ b/idsvr/values.yaml @@ -19,6 +19,7 @@ curity: healthCheckPort: 4465 adminUiPort: 6749 adminUiHttp: false + onlyRuntimeNodes: false admin: role: admin
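Review bot: `onlyRuntimeNodes` is added to values.yaml without a comment, although the templates in this commit use it to decide whether the admin Deployment and Service, the cluster configuration, the ServiceAccount and its role binding, and the NetworkPolicy are rendered at all. I would document it above the key, for example `# When true, no admin node is deployed: admin Deployment/Service and cluster config are skipped; RBAC objects are kept only if config.convertKeystore is set.` A line on its interaction with `config.backup` and `networkpolicy.enabled` would also save operators from finding it out at install time.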