{{- if .Values.enterprise.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "enterprise-logs.adminApiFullname" . }} labels: {{- include "enterprise-logs.adminApiLabels" . | nindent 4 }} {{- with .Values.adminApi.labels }} {{- toYaml . | nindent 4 }} {{- end }} app.kubernetes.io/part-of: memberlist annotations: {{- with .Values.adminApi.annotations }} {{- toYaml . | nindent 4 }} {{- end }} spec: replicas: {{ .Values.adminApi.replicas }} selector: matchLabels: {{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 6 }} strategy: {{- toYaml .Values.adminApi.strategy | nindent 4 }} template: metadata: labels: {{- include "enterprise-logs.adminApiSelectorLabels" . | nindent 8 }} {{- with .Values.adminApi.labels }} {{- toYaml . | nindent 8 }} {{- end }} app.kubernetes.io/part-of: memberlist annotations: {{- if .Values.useExternalConfig }} checksum/config: {{ .Values.externalConfigVersion }} {{- else }} checksum/config: {{ include "loki.configMapOrSecretContentHash" (dict "ctx" . "name" "/config.yaml") }} {{- end}} {{- with .Values.adminApi.annotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }} {{- with .Values.adminApi.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- end }} serviceAccountName: {{ template "loki.serviceAccountName" . }} {{- if .Values.adminApi.priorityClassName }} priorityClassName: {{ .Values.adminApi.priorityClassName }} {{- end }} securityContext: {{- toYaml .Values.adminApi.podSecurityContext | nindent 8 }} initContainers: # Taken from # https://github.com/minio/charts/blob/a5c84bcbad884728bff5c9c23541f936d57a13b3/minio/templates/post-install-create-bucket-job.yaml {{- if .Values.minio.enabled }} - name: minio-mc image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}" imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }} command: ["/bin/sh", "/config/initialize"] env: - name: MINIO_ENDPOINT value: {{ .Release.Name }}-minio - name: MINIO_PORT value: {{ .Values.minio.service.port | quote }} volumeMounts: - name: minio-configuration mountPath: /config {{- if .Values.minio.tls.enabled }} - name: cert-secret-volume-mc mountPath: {{ .Values.minio.configPathmc }}certs {{ end }} {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.adminApi.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: admin-api image: "{{ template "loki.image" . }}" imagePullPolicy: {{ .Values.enterprise.image.pullPolicy }} args: - -target=admin-api - -config.file=/etc/loki/config/config.yaml {{- if .Values.minio.enabled }} - -admin.client.backend-type=s3 - -admin.client.s3.endpoint={{ template "loki.minio" . }} - -admin.client.s3.bucket-name=enterprise-logs-admin - -admin.client.s3.access-key-id={{ .Values.minio.accessKey }} - -admin.client.s3.secret-access-key={{ .Values.minio.secretKey }} - -admin.client.s3.insecure=true {{- end }} {{- range $key, $value := .Values.adminApi.extraArgs }} - "-{{ $key }}={{ $value }}" {{- end }} volumeMounts: - name: config mountPath: /etc/loki/config - name: license mountPath: /etc/loki/license - name: storage mountPath: /data {{- if .Values.adminApi.extraVolumeMounts }} {{ toYaml .Values.adminApi.extraVolumeMounts | nindent 12 }} {{- end }} ports: - name: http-metrics containerPort: 3100 protocol: TCP - name: grpc containerPort: 9095 protocol: TCP - name: http-memberlist containerPort: 7946 protocol: TCP readinessProbe: {{- toYaml .Values.adminApi.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.adminApi.resources | nindent 12 }} securityContext: {{- toYaml .Values.adminApi.containerSecurityContext | nindent 12 }} env: {{- if .Values.adminApi.env }} {{ toYaml .Values.adminApi.env | nindent 12 }} {{- end }} {{- with .Values.adminApi.extraEnvFrom }} envFrom: {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.adminApi.extraContainers }} {{ toYaml . | nindent 8 }} {{- end }} nodeSelector: {{- toYaml .Values.adminApi.nodeSelector | nindent 8 }} affinity: {{- toYaml .Values.adminApi.affinity | nindent 8 }} tolerations: {{- toYaml .Values.adminApi.tolerations | nindent 8 }} terminationGracePeriodSeconds: {{ .Values.adminApi.terminationGracePeriodSeconds }} volumes: - name: config {{- include "loki.configVolume" . | nindent 10 }} - name: license secret: {{- if .Values.enterprise.useExternalLicense }} secretName: {{ .Values.enterprise.externalLicenseName }} {{- else }} secretName: enterprise-logs-license {{- end }} - name: storage emptyDir: {} {{- if .Values.adminApi.extraVolumes }} {{ toYaml .Values.adminApi.extraVolumes | nindent 8 }} {{- end }} {{- if .Values.minio.enabled }} - name: minio-configuration projected: sources: - configMap: name: {{ .Release.Name }}-minio - secret: name: {{ .Release.Name }}-minio {{- if .Values.minio.tls.enabled }} - name: cert-secret-volume-mc secret: secretName: {{ .Values.minio.tls.certSecret }} items: - key: {{ .Values.minio.tls.publicCrt }} path: CAs/public.crt {{- end }} {{- end }} {{- end }}