apiVersion: apps/v1 kind: Deployment metadata: labels: app.kubeshark.com/app: front {{- include "kubeshark.labels" . | nindent 4 }} {{- if .Values.tap.annotations }} annotations: {{- toYaml .Values.tap.annotations | nindent 4 }} {{- end }} name: {{ include "kubeshark.name" . }}-front namespace: {{ .Release.Namespace }} spec: replicas: 1 # Set the desired number of replicas selector: matchLabels: app.kubeshark.com/app: front {{- include "kubeshark.selectorLabels" . | nindent 6 }} template: metadata: labels: app.kubeshark.com/app: front {{- include "kubeshark.labels" . | nindent 8 }} spec: containers: - env: - name: REACT_APP_AUTH_ENABLED value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}} {{ (and .Values.tap.auth.enabled (eq .Values.tap.auth.type "dex")) | ternary true false }} {{- else -}} {{ .Values.cloudLicenseEnabled | ternary "true" .Values.tap.auth.enabled }} {{- end }}' - name: REACT_APP_AUTH_TYPE value: '{{- if and .Values.cloudLicenseEnabled (not (eq .Values.tap.auth.type "dex")) -}} default {{- else -}} {{ .Values.tap.auth.type }} {{- end }}' - name: REACT_APP_COMPLETE_STREAMING_ENABLED value: '{{- if and (hasKey .Values.tap "dashboard") (hasKey .Values.tap.dashboard "completeStreamingEnabled") -}} {{ eq .Values.tap.dashboard.completeStreamingEnabled true | ternary "true" "false" }} {{- else -}} true {{- end }}' - name: REACT_APP_STREAMING_TYPE value: '{{ default "" (((.Values).tap).dashboard).streamingType }}' - name: REACT_APP_AUTH_SAML_IDP_METADATA_URL value: '{{ not (eq .Values.tap.auth.saml.idpMetadataUrl "") | ternary .Values.tap.auth.saml.idpMetadataUrl " " }}' - name: REACT_APP_TIMEZONE value: '{{ not (eq .Values.timezone "") | ternary .Values.timezone " " }}' - name: REACT_APP_SCRIPTING_DISABLED value: '{{- if .Values.tap.liveConfigMapChangesDisabled -}} {{- if .Values.demoModeEnabled -}} {{ .Values.demoModeEnabled | ternary false true }} {{- else -}} true {{- end }} {{- else -}} false {{- end }}' - name: REACT_APP_TARGETED_PODS_UPDATE_DISABLED value: '{{ .Values.tap.liveConfigMapChangesDisabled }}' - name: REACT_APP_PRESET_FILTERS_CHANGING_ENABLED value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}' - name: REACT_APP_BPF_OVERRIDE_DISABLED value: '{{ eq .Values.tap.packetCapture "af_packet" | ternary "false" "true" }}' - name: REACT_APP_RECORDING_DISABLED value: '{{ .Values.tap.liveConfigMapChangesDisabled }}' - name: REACT_APP_STOP_TRAFFIC_CAPTURING_DISABLED value: '{{- if and .Values.tap.liveConfigMapChangesDisabled .Values.tap.capture.stopped -}} false {{- else -}} {{ .Values.tap.liveConfigMapChangesDisabled | ternary "true" "false" }} {{- end -}}' - name: 'REACT_APP_CLOUD_LICENSE_ENABLED' value: '{{- if or (and .Values.cloudLicenseEnabled (not (empty .Values.license))) (not .Values.internetConnectivity) -}} "false" {{- else -}} {{ .Values.cloudLicenseEnabled }} {{- end }}' - name: 'REACT_APP_AI_ASSISTANT_ENABLED' value: '{{ .Values.aiAssistantEnabled | ternary "true" "false" }}' - name: REACT_APP_SUPPORT_CHAT_ENABLED value: '{{ and .Values.supportChatEnabled .Values.internetConnectivity | ternary "true" "false" }}' - name: REACT_APP_BETA_ENABLED value: '{{ default false .Values.betaEnabled | ternary "true" "false" }}' - name: REACT_APP_DISSECTORS_UPDATING_ENABLED value: '{{ .Values.tap.liveConfigMapChangesDisabled | ternary "false" "true" }}' - name: REACT_APP_RAW_CAPTURE_ENABLED value: '{{ .Values.tap.capture.raw.enabled | ternary "true" "false" }}' - name: REACT_APP_SENTRY_ENABLED value: '{{ (include "sentry.enabled" .) }}' - name: REACT_APP_SENTRY_ENVIRONMENT value: '{{ .Values.tap.sentry.environment }}' {{- if .Values.tap.docker.overrideImage.front }} image: '{{ .Values.tap.docker.overrideImage.front }}' {{- else if .Values.tap.docker.overrideTag.front }} image: '{{ .Values.tap.docker.registry }}/front:{{ .Values.tap.docker.overrideTag.front }}' {{ else }} image: '{{ .Values.tap.docker.registry }}/front:{{ not (eq .Values.tap.docker.tag "") | ternary .Values.tap.docker.tag (include "kubeshark.defaultVersion" .) }}' {{- end }} imagePullPolicy: {{ .Values.tap.docker.imagePullPolicy }} name: kubeshark-front livenessProbe: periodSeconds: 1 failureThreshold: 3 successThreshold: 1 initialDelaySeconds: 3 tcpSocket: port: 8080 readinessProbe: periodSeconds: 1 failureThreshold: 3 successThreshold: 1 initialDelaySeconds: 3 tcpSocket: port: 8080 timeoutSeconds: 1 resources: limits: cpu: 750m memory: 1Gi requests: cpu: 50m memory: 50Mi volumeMounts: - name: nginx-config mountPath: /etc/nginx/conf.d/default.conf subPath: default.conf readOnly: true {{- if gt (len .Values.tap.nodeSelectorTerms.front) 0}} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: {{- toYaml .Values.tap.nodeSelectorTerms.front | nindent 12 }} {{- end }} {{- if or .Values.tap.dns.nameservers .Values.tap.dns.searches .Values.tap.dns.options }} dnsConfig: {{- if .Values.tap.dns.nameservers }} nameservers: {{- range .Values.tap.dns.nameservers }} - {{ . | quote }} {{- end }} {{- end }} {{- if .Values.tap.dns.searches }} searches: {{- range .Values.tap.dns.searches }} - {{ . | quote }} {{- end }} {{- end }} {{- if .Values.tap.dns.options }} options: {{- range .Values.tap.dns.options }} - name: {{ .name | quote }} {{- if .value }} value: {{ .value | quote }} {{- end }} {{- end }} {{- end }} {{- end }} {{- if .Values.tap.tolerations.front }} tolerations: {{- range .Values.tap.tolerations.front }} - key: {{ .key | quote }} operator: {{ .operator | quote }} {{- if .value }} value: {{ .value | quote }} {{- end }} {{- if .effect }} effect: {{ .effect | quote }} {{- end }} {{- if .tolerationSeconds }} tolerationSeconds: {{ .tolerationSeconds }} {{- end }} {{- end }} {{- end }} volumes: - name: nginx-config configMap: name: kubeshark-nginx-config-map dnsPolicy: ClusterFirstWithHostNet serviceAccountName: {{ include "kubeshark.serviceAccountName" . }} {{- if .Values.tap.priorityClass }} priorityClassName: {{ .Values.tap.priorityClass | quote }} {{- end }}