{{- if .Values.enterprise.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "enterprise-logs.adminApiFullname" . }}
labels:
{{- include "enterprise-logs.adminApiLabels" . | nindent 4 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.adminApi.replicas }}
selector:
matchLabels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 6 }}
strategy:
{{- toYaml .Values.adminApi.strategy | nindent 4 }}
template:
metadata:
labels:
{{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 8 }}
{{- with .Values.adminApi.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
app.kubernetes.io/part-of: memberlist
annotations:
{{- if .Values.useExternalConfig }}
checksum/config: {{ .Values.externalConfigVersion }}
{{- else }}
checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/config.yaml") }}
{{- end}}
{{- with .Values.adminApi.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
{{- with .Values.adminApi.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "loki.serviceAccountName" . }}
{{- if .Values.adminApi.priorityClassName }}
priorityClassName: {{ .Values.adminApi.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.adminApi.podSecurityContext | nindent 8 }}
initContainers:
# Taken from
# https://github.com/minio/charts/blob/a5c84bcbad884728bff5c9c23541f936d57a13b3/minio/templates/post-install-create-bucket-job.yaml
{{- if .Values.minio.enabled }}
- name: minio-mc
image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}"
imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }}
command: ["/bin/sh", "/config/initialize"]
env:
- name: MINIO_ENDPOINT
value: {{ .Release.Name }}-minio
- name: MINIO_PORT
value: {{ .Values.minio.service.port | quote }}
volumeMounts:
- name: minio-configuration
mountPath: /config
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
mountPath: {{ .Values.minio.configPathmc }}certs
{{ end }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.adminApi.hostAliases }}
hostAliases:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: admin-api
image: "{{ template "loki.image" . }}"
imagePullPolicy: {{ .Values.enterprise.image.pullPolicy }}
args:
- -target=admin-api
- -config.file=/etc/loki/config/config.yaml
{{- if .Values.minio.enabled }}
- -admin.client.backend-type=s3
- -admin.client.s3.endpoint={{ template "loki.minio" . }}
- -admin.client.s3.bucket-name=enterprise-logs-admin
- -admin.client.s3.access-key-id={{ .Values.minio.accessKey }}
- -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }}
- -admin.client.s3.insecure=true
{{- end }}
{{- range $key, $value := .Values.adminApi.extraArgs }}
- "-{{ $key }}={{ $value }}"
{{- end }}
volumeMounts:
- name: config
mountPath: /etc/loki/config
- name: license
mountPath: /etc/loki/license
- name: storage
mountPath: /data
{{- if .Values.adminApi.extraVolumeMounts }}
{{ toYaml .Values.adminApi.extraVolumeMounts | nindent 12 }}
{{- end }}
ports:
- name: http-metrics
containerPort: 3100
protocol: TCP
- name: grpc
containerPort: 9095
protocol: TCP
- name: http-memberlist
containerPort: 7946
protocol: TCP
readinessProbe:
{{- toYaml .Values.adminApi.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.adminApi.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.adminApi.containerSecurityContext | nindent 12 }}
env:
{{- if .Values.adminApi.env }}
{{ toYaml .Values.adminApi.env | nindent 12 }}
{{- end }}
{{- with .Values.adminApi.extraEnvFrom }}
envFrom:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.adminApi.extraContainers }}
{{ toYaml . | nindent 8 }}
{{- end }}
nodeSelector:
{{- toYaml .Values.adminApi.nodeSelector | nindent 8 }}
affinity:
{{- toYaml .Values.adminApi.affinity | nindent 8 }}
tolerations:
{{- toYaml .Values.adminApi.tolerations | nindent 8 }}
terminationGracePeriodSeconds: {{ .Values.adminApi.terminationGracePeriodSeconds }}
volumes:
- name: config
{{- include "loki.configVolume" . | nindent 10 }}
- name: license
secret:
{{- if .Values.enterprise.useExternalLicense }}
secretName: {{ .Values.enterprise.externalLicenseName }}
{{- else }}
secretName: enterprise-logs-license
{{- end }}
- name: storage
emptyDir: {}
{{- if .Values.adminApi.extraVolumes }}
{{ toYaml .Values.adminApi.extraVolumes | nindent 8 }}
{{- end }}
{{- if .Values.minio.enabled }}
- name: minio-configuration
projected:
sources:
- configMap:
name: {{ .Release.Name }}-minio
- secret:
name: {{ .Release.Name }}-minio
{{- if .Values.minio.tls.enabled }}
- name: cert-secret-volume-mc
secret:
secretName: {{ .Values.minio.tls.certSecret }}
items:
- key: {{ .Values.minio.tls.publicCrt }}
path: CAs/public.crt
{{- end }}
{{- end }}
{{- end }}