apiVersion: apps/v1 kind: Deployment metadata: name: fleet-controller spec: selector: matchLabels: app: fleet-controller template: metadata: labels: app: fleet-controller spec: containers: - env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: FLEET_PROPAGATE_DEBUG_SETTINGS_TO_AGENTS value: {{ quote .Values.propagateDebugSettingsToAgents }} {{- if .Values.clusterEnqueueDelay }} - name: FLEET_CLUSTER_ENQUEUE_DELAY value: {{ .Values.clusterEnqueueDelay }} {{- end }} {{- if .Values.proxy }} - name: HTTP_PROXY value: {{ .Values.proxy }} - name: HTTPS_PROXY value: {{ .Values.proxy }} - name: NO_PROXY value: {{ .Values.noProxy }} {{- end }} {{- if .Values.cpuPprof }} - name: FLEET_CPU_PPROF_DIR value: /tmp/pprof/ {{- end }} {{- if .Values.cpuPprof }} - name: FLEET_CPU_PPROF_PERIOD value: {{ quote .Values.cpuPprof.period }} {{- end }} {{- if .Values.debug }} - name: CATTLE_DEV_MODE value: "true" {{- end }} image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' name: fleet-controller imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" command: - fleetcontroller {{- if not .Values.gitops.enabled }} - --disable-gitops {{- end }} {{- if not .Values.bootstrap.enabled }} - --disable-bootstrap {{- end }} {{- if .Values.debug }} - --debug - --debug-level - {{ quote .Values.debugLevel }} {{- else }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true privileged: false capabilities: drop: - ALL {{- end }} volumeMounts: - mountPath: /tmp name: tmp {{- if .Values.cpuPprof }} - mountPath: /tmp/pprof name: pprof {{- end }} volumes: - name: tmp emptyDir: {} {{- if .Values.cpuPprof }} - name: pprof {{ toYaml .Values.cpuPprof.volumeConfiguration | nindent 10 }} {{- end }} serviceAccountName: fleet-controller nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} {{- if .Values.nodeSelector }} {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} {{- if .Values.tolerations }} {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{.Values.priorityClassName}}" {{- end }} {{- if not .Values.debug }} securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 {{- end }}