apiVersion: apps/v1 kind: Deployment metadata: name: fleet-agent spec: selector: matchLabels: app: fleet-agent template: metadata: labels: app: fleet-agent spec: containers: - env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}' name: fleet-agent command: - fleetagent {{- if .Values.debug }} - --debug - --debug-level - {{ quote .Values.debugLevel }} {{- else }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true {{- end }} serviceAccountName: fleet-agent nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} {{- if .Values.fleetAgent.nodeSelector }} {{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }} {{- end }} tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} {{- if .Values.fleetAgent.tolerations }} {{ toYaml .Values.fleetAgent.tolerations | indent 8 }} {{- end }} {{- if not .Values.debug }} securityContext: runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 {{- end }}