helm/templates/deployment.yaml (120 lines of code) (raw):

apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "app.fullname" . }} namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} k8s-app: {{ include "app.name" . }} helm.sh/chart: {{ include "chart.name-version" . }} control-plane: controller spec: replicas: {{ .Values.deployment.replicas }} selector: matchLabels: app.kubernetes.io/name: {{ include "app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: annotations: {{- range $key, $value := .Values.deployment.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} labels: app.kubernetes.io/name: {{ include "app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: Helm k8s-app: {{ include "app.name" . }} {{- range $key, $value := .Values.deployment.labels }} {{ $key }}: {{ $value | quote }} {{- end }} spec: serviceAccountName: {{ include "service-account.name" . }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} - name: {{ . }} {{- end }} {{- end }} securityContext: runAsNonRoot: true containers: - command: - /manager args: - --leader-elect image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} name: manager ports: - name: http containerPort: {{ .Values.deployment.containerPort }} - name: webhook-server containerPort: 9443 resources: {{- toYaml .Values.resources | nindent 10 }} livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/webhook-cert name: webhook-cert readOnly: true env: - name: REGION value: {{ .Values.awsRegion | quote }} - name: AWS_ACCOUNT_ID value: {{ .Values.awsAccountId | quote }} - name: CLUSTER_VPC_ID value: {{ .Values.clusterVpcId | quote }} - name: CLUSTER_NAME value: {{ .Values.clusterName | quote }} - name: LATTICE_ENDPOINT value: {{ .Values.latticeEndpoint | quote }} - name: DEFAULT_SERVICE_NETWORK value: {{ .Values.defaultServiceNetwork | quote }} - name: LOG_LEVEL value: {{ .Values.log.level | quote }} - name: WEBHOOK_ENABLED value: {{ .Values.webhookEnabled | quote }} - name: DISABLE_TAGGING_SERVICE_API value: {{ .Values.disableTaggingServiceApi | quote }} - name: ROUTE_MAX_CONCURRENT_RECONCILES value: {{ .Values.routeMaxConcurrentReconciles | quote }} terminationGracePeriodSeconds: 10 volumes: - name: webhook-cert secret: defaultMode: 420 secretName: webhook-cert nodeSelector: {{ toYaml .Values.deployment.nodeSelector | nindent 8 }} {{ if .Values.deployment.tolerations -}} tolerations: {{ toYaml .Values.deployment.tolerations | nindent 8 }} {{ end -}} {{ if .Values.deployment.affinity -}} affinity: {{ toYaml .Values.deployment.affinity | nindent 8 }} {{ end -}} {{ if .Values.deployment.priorityClassName -}} priorityClassName: {{ .Values.deployment.priorityClassName }} {{ end -}} {{ if .Values.deployment.topologySpreadConstraints -}} topologySpreadConstraints: {{ .Values.deployment.topologySpreadConstraints | toYaml | nindent 8 }} {{ end -}}