# Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership. # The ASF licenses this file to You under the Apache License, Version 2.0 # (the "License"); you may not use this file except in compliance with # the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-operator"))) | printf "%s-operator" }} namespace: {{ .Release.Namespace }} labels: control-plane: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-controller-manager"))) | printf "%s-controller-manager" }} {{- include "operator.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: control-plane: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-controller-manager"))) | printf "%s-controller-manager" }} {{- include "operator.selectorLabels" . | nindent 6 }} template: metadata: labels: control-plane: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-controller-manager"))) | printf "%s-controller-manager" }} {{- include "operator.selectorLabels" . | nindent 8 }} spec: containers: - args: - --config=controller_manager_config.yaml command: - /manager image: {{ .Values.image.repository }}:{{ required "operator.image.tag is required" .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager {{- if .Values.webhook.enabled }} ports: - containerPort: {{ .Values.webhook.service.port }} name: webhook-server protocol: TCP {{- end }} readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 10 }} volumeMounts: {{- if .Values.webhook.enabled }} - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true {{- end }} - mountPath: /controller_manager_config.yaml name: manager-config subPath: controller_manager_config.yaml - args: {{- if .Values.metrics.enabled }} - --secure-listen-address=0.0.0.0:{{ .Values.metrics.service.port }} {{- end }} - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy {{- if .Values.metrics.enabled }} ports: - containerPort: {{ .Values.metrics.service.port }} name: https protocol: TCP {{- end }} securityContext: runAsNonRoot: true serviceAccountName: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-controller-manager"))) | printf "%s-controller-manager" }} terminationGracePeriodSeconds: 10 volumes: {{- if .Values.webhook.enabled }} - name: cert secret: defaultMode: 420 secretName: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-controller-manager-cert"))) | printf "%s-controller-manager-cert" }} {{- end }} - configMap: name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-manager-config"))) | printf "%s-manager-config" }} name: manager-config {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }}