apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "chart.fullname" . }} labels: {{- include "chart.labels" . | nindent 4 }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} selector: matchLabels: {{- include "chart.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "chart.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: pvc-openvpn persistentVolumeClaim: claimName: {{ include "chart.fullname" . }} - name: pki-scripts configMap: name: {{ include "chart.fullname" . }}-pki-scripts securityContext: sysctls: - name: net.ipv4.ip_forward value: "1" containers: - name: {{ .Chart.Name }} image: {{ include "chart.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - mountPath: "/etc/openvpn" name: pvc-openvpn - mountPath: /scripts name: pki-scripts env: - name: OVPN_SERVER value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - name: OPENVPN value: "/etc/openvpn" securityContext: capabilities: add: - NET_ADMIN initContainers: # ---------------------------------------------------------------------- # -- This init container is generating the basic configuration # ---------------------------------------------------------------------- - name: 0-ovpn-genconfig image: {{ include "chart.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - mountPath: "/etc/openvpn" name: pvc-openvpn env: - name: OVPN_SERVER_URL value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" - name: OVPN_DATA value: "/etc/openvpn" - name: OPENVPN value: "/etc/openvpn" command: - sh - -c - 'if ! [ -f "/etc/openvpn/ovpn_env.sh" ]; then ovpn_genconfig -u $OVPN_SERVER_URL && touch /etc/openvpn/.init; fi' - name: 1-ovpn-initpki env: - name: OVPN_DATA value: /etc/openvpn - name: OPENVPN value: "/etc/openvpn" - name: EASYRSA_REQ_CN value: {{ .Values.easyrsa.cn }} - name: EASYRSA_REQ_COUNTRY value: {{ .Values.easyrsa.country }} - name: EASYRSA_REQ_PROVINCE value: {{ .Values.easyrsa.province }} - name: EASYRSA_REQ_CITY value: {{ .Values.easyrsa.city }} - name: EASYRSA_REQ_ORG value: {{ .Values.easyrsa.org }} - name: EASYRSA_REQ_EMAIL value: {{ .Values.easyrsa.email }} - name: EASYRSA_REQ_OU value: {{ .Values.easyrsa.ou }} - name: EASYRSA_ALGO value: {{ .Values.easyrsa.algo }} - name: EASYRSA_DIGEST value: {{ .Values.easyrsa.digest }} - name: EASYRSA_BATCH value: "yes" - name: OVPN_SERVER_URL value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}" volumeMounts: - mountPath: "/etc/openvpn" name: pvc-openvpn - mountPath: /scripts name: pki-scripts image: {{ include "chart.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash - /scripts/init_pki.sh {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}