apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "appmesh-inject.fullname" . }} labels: {{ include "appmesh-inject.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "appmesh-inject.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: appmesh annotations: prometheus.io/scrape: "false" {{- with .Values.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} spec: serviceAccountName: {{ template "appmesh-inject.serviceAccountName" . }} volumes: - name: certs secret: secretName: {{ template "appmesh-inject.fullname" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: certs mountPath: /etc/webhook/certs readOnly: true env: - name: APPMESH_NAME value: {{ .Values.mesh.name }} - name: APPMESH_LOG_LEVEL value: {{ .Values.sidecar.logLevel }} command: - ./appmeshinject - -sidecar-image={{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }} - -sidecar-cpu-requests={{ .Values.sidecar.resources.requests.cpu }} - -sidecar-memory-requests={{ .Values.sidecar.resources.requests.memory }} - -init-image={{ .Values.init.image.repository }}:{{ .Values.init.image.tag }} - -enable-stats-tags={{ .Values.stats.tagsEnabled }} - -enable-statsd={{ .Values.stats.statsdEnabled }} {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "x-ray" ) }} - -inject-xray-sidecar=true {{- end }} {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "jaeger" ) }} - -enable-jaeger-tracing=true - -jaeger-address={{ .Values.tracing.address }} - -jaeger-port={{ .Values.tracing.port }} {{- end }} {{- if and .Values.tracing.enabled ( eq .Values.tracing.provider "datadog" ) }} - -enable-datadog-tracing=true - -datadog-address={{ .Values.tracing.address }} - -datadog-port={{ .Values.tracing.port }} {{- end }} {{- if .Values.region }} - -region={{ .Values.region }} {{- end }} ports: - name: https containerPort: 8080 protocol: TCP readinessProbe: httpGet: path: /healthz port: https scheme: HTTPS livenessProbe: httpGet: path: /healthz port: https scheme: HTTPS securityContext: readOnlyRootFilesystem: true resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }}