apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "karpenter.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "karpenter.labels" . | nindent 4 }} {{- with .Values.additionalAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: replicas: {{ .Values.replicas }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- with .Values.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: {{- include "karpenter.selectorLabels" . | nindent 6 }} template: metadata: labels: {{- include "karpenter.selectorLabels" . | nindent 8 }} {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} automountServiceAccountToken: true serviceAccountName: {{ include "karpenter.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} {{- with .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ . }} {{- end }} {{- with .Values.dnsPolicy }} dnsPolicy: {{ . }} {{- end }} {{- with .Values.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8}} {{- end }} {{- if .Values.hostNetwork }} hostNetwork: true {{- end }} {{- with .Values.schedulerName }} schedulerName: {{ . | quote }} {{- end }} containers: - name: {{ include "karpenter.controller.containerName" . }} securityContext: privileged: false allowPrivilegeEscalation: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 65532 runAsGroup: 65532 capabilities: drop: - ALL {{- with .Values.controller.securityContext }} {{- with .appArmorProfile }} appArmorProfile: {{- toYaml . | nindent 14}} {{- end }} {{- with .seLinuxOptions }} seLinuxOptions: {{- toYaml . | nindent 14}} {{- end }} {{- with .seccompProfile }} seccompProfile: {{- toYaml . | nindent 14}} {{- end }} {{- end }} image: {{ include "karpenter.controller.image" . }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: - name: KUBERNETES_MIN_VERSION value: "1.19.0-0" - name: KARPENTER_SERVICE value: {{ include "karpenter.fullname" . }} {{- with .Values.logLevel }} - name: LOG_LEVEL value: "{{ . }}" {{- end }} {{- with .Values.logOutputPaths }} - name: LOG_OUTPUT_PATHS value: "{{ join "," . }}" {{- end }} {{- with .Values.logErrorOutputPaths }} - name: LOG_ERROR_OUTPUT_PATHS value: "{{ join "," . }}" {{- end }} - name: METRICS_PORT value: "{{ .Values.controller.metrics.port }}" - name: HEALTH_PROBE_PORT value: "{{ .Values.controller.healthProbe.port }}" - name: SYSTEM_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: MEMORY_LIMIT valueFrom: resourceFieldRef: containerName: {{ include "karpenter.controller.containerName" . }} divisor: "0" resource: limits.memory - name: FEATURE_GATES value: "ReservedCapacity={{ .Values.settings.featureGates.reservedCapacity }},SpotToSpotConsolidation={{ .Values.settings.featureGates.spotToSpotConsolidation }},NodeRepair={{ .Values.settings.featureGates.nodeRepair }}" {{- with .Values.settings.batchMaxDuration }} - name: BATCH_MAX_DURATION value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.batchIdleDuration }} - name: BATCH_IDLE_DURATION value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.preferencePolicy }} - name: PREFERENCE_POLICY value: "{{ . }}" {{- end }} {{- with .Values.settings.clusterCABundle }} - name: CLUSTER_CA_BUNDLE value: "{{ tpl (toString .) $ }}" {{- end }} - name: CLUSTER_NAME value: "{{ required "Chart cannot be installed without a valid settings.clusterName!" (tpl .Values.settings.clusterName .) }}" {{- with .Values.settings.clusterEndpoint }} - name: CLUSTER_ENDPOINT value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.isolatedVPC }} - name: ISOLATED_VPC value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.eksControlPlane }} - name: EKS_CONTROL_PLANE value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.vmMemoryOverheadPercent }} - name: VM_MEMORY_OVERHEAD_PERCENT value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.interruptionQueue }} - name: INTERRUPTION_QUEUE value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.settings.reservedENIs }} - name: RESERVED_ENIS value: "{{ tpl (toString .) $ }}" {{- end }} {{- with .Values.controller.env }} {{- toYaml . | nindent 12 }} {{- end }} {{- with .Values.controller.envFrom }} envFrom: {{- toYaml . | nindent 12 }} {{- end }} ports: - name: http-metrics containerPort: {{ .Values.controller.metrics.port }} protocol: TCP - name: http containerPort: {{ .Values.controller.healthProbe.port }} protocol: TCP livenessProbe: initialDelaySeconds: 30 timeoutSeconds: 30 httpGet: path: /healthz port: http readinessProbe: initialDelaySeconds: 5 timeoutSeconds: 30 httpGet: path: /readyz port: http {{- with .Values.controller.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} {{- if .Values.controller.extraVolumeMounts }} volumeMounts: {{- with .Values.controller.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- range .Values.controller.sidecarContainer }} - {{- toYaml . | nindent 10 }} {{- if or $.Values.controller.extraVolumeMounts $.Values.controller.sidecarVolumeMounts }} volumeMounts: {{- with $.Values.controller.extraVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- with $.Values.controller.sidecarVolumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- end }} {{- with .Values.initContainers }} initContainers: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} # The template below patches the .Values.affinity to add a default label selector where not specificed {{- $_ := include "karpenter.patchAffinity" $ }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} # The template below patches the .Values.topologySpreadConstraints to add a default label selector where not specificed {{- $_ := include "karpenter.patchTopologySpreadConstraints" $ }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.extraVolumes }} volumes: {{- with .Values.extraVolumes }} {{- toYaml . | nindent 8 }} {{- end }} {{- end }}