helm/templates/deployment.yaml (120 lines of code) (raw):
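# Deployment that runs the /manager binary as a single container named
# "manager". Replica count, image, resources, scheduling constraints and the
# container environment all come from chart values.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "app.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    app.kubernetes.io/name: {{ include "app.name" . }}
    # Quoted so that an all-digit release name stays a string label value.
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
    k8s-app: {{ include "app.name" . }}
    helm.sh/chart: {{ include "chart.name-version" . }}
    control-plane: controller
spec:
  replicas: {{ .Values.deployment.replicas }}
  # The selector must stay in step with the pod template labels below.
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "app.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  template:
    metadata:
      # User-supplied annotations; every value is forced to a string.
      annotations:
      {{- range $key, $value := .Values.deployment.annotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      # Fixed labels first, then user-supplied labels from values.
      # NOTE(review): a user label that repeats one of the fixed keys renders
      # a duplicate mapping key - confirm how the consuming tooling treats it.
      labels:
        app.kubernetes.io/name: {{ include "app.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
        app.kubernetes.io/managed-by: Helm
        k8s-app: {{ include "app.name" . }}
        {{- range $key, $value := .Values.deployment.labels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
    spec:
      serviceAccountName: {{ include "service-account.name" . }}
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- range .Values.image.pullSecrets }}
      - name: {{ . | quote }}
      {{- end }}
      {{- end }}
      # Pod-level hardening: the kubelet refuses to start a container whose
      # image would run as UID 0.
      # NOTE(review): no seccompProfile is set at pod or container level; the
      # Pod Security "restricted" profile expects RuntimeDefault or Localhost.
      # Confirm cluster version support before adding it.
      securityContext:
        runAsNonRoot: true
      containers:
      - command:
        - /manager
        args:
        - --leader-elect
        # Quoted so the repository:tag pair is always read as one string.
        # NOTE(review): the reference is tag-based; this template has no way
        # to pin the image by digest - consider offering one in values.
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: manager
        ports:
        - name: http
          containerPort: {{ .Values.deployment.containerPort }}
        - name: webhook-server
          containerPort: 9443
        # Requests and limits are copied verbatim from values; nothing here
        # enforces that limits are actually set.
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        # Container-level hardening: no privilege escalation, every Linux
        # capability dropped, root filesystem mounted read-only.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
        volumeMounts:
        - mountPath: /etc/webhook-cert
          name: webhook-cert
          readOnly: true
        # All values are quoted because container env values must be strings.
        env:
        - name: REGION
          value: {{ .Values.awsRegion | quote }}
        - name: AWS_ACCOUNT_ID
          value: {{ .Values.awsAccountId | quote }}
        - name: CLUSTER_VPC_ID
          value: {{ .Values.clusterVpcId | quote }}
        - name: CLUSTER_NAME
          value: {{ .Values.clusterName | quote }}
        - name: LATTICE_ENDPOINT
          value: {{ .Values.latticeEndpoint | quote }}
        - name: DEFAULT_SERVICE_NETWORK
          value: {{ .Values.defaultServiceNetwork | quote }}
        - name: LOG_LEVEL
          value: {{ .Values.log.level | quote }}
        - name: WEBHOOK_ENABLED
          value: {{ .Values.webhookEnabled | quote }}
        - name: DISABLE_TAGGING_SERVICE_API
          value: {{ .Values.disableTaggingServiceApi | quote }}
        - name: ROUTE_MAX_CONCURRENT_RECONCILES
          value: {{ .Values.routeMaxConcurrentReconciles | quote }}
      terminationGracePeriodSeconds: 10
      # The webhook certificate Secret is mounted unconditionally and is not
      # marked optional, so the pod cannot start until a Secret named
      # webhook-cert exists in the release namespace.
      # NOTE(review): this holds even when webhookEnabled is false - confirm
      # that is intended.
      volumes:
      - name: webhook-cert
        secret:
          # Decimal 420 is octal 0644: the mounted key material is readable by
          # every user inside the container. NOTE(review): a tighter mode
          # would need a matching fsGroup for the non-root user - verify.
          defaultMode: 420
          secretName: webhook-cert
      # Optional scheduling settings: each key is rendered only when the
      # matching value is set, so an empty value never reaches the manifest.
      {{- with .Values.deployment.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.deployment.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      {{- with .Values.deployment.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}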