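{{- /*
Deployment for the Prometheus adapter (custom/external metrics API server).

The pod serves HTTPS on .Values.listenPort and reads its rules from a
ConfigMap mounted at /etc/adapter. The container runs as a non-root user with
a read-only root filesystem, so the only writable path is the /tmp emptyDir.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: {{ template "k8s-prometheus-adapter.name" . }}
    chart: {{ template "k8s-prometheus-adapter.chart" . }}
    # Quoted so that an all-digit release name stays a string label value.
    release: {{ .Release.Name | quote }}
    heritage: {{ .Release.Service }}
  name: {{ template "k8s-prometheus-adapter.fullname" . }}
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      app: {{ template "k8s-prometheus-adapter.name" . }}
      release: {{ .Release.Name | quote }}
  template:
    metadata:
      labels:
        app: {{ template "k8s-prometheus-adapter.name" . }}
        chart: {{ template "k8s-prometheus-adapter.chart" . }}
        release: {{ .Release.Name | quote }}
        heritage: {{ .Release.Service }}
        {{- with .Values.podLabels }}
        {{- toYaml . | trim | nindent 8 }}
        {{- end }}
      name: {{ template "k8s-prometheus-adapter.name" . }}
      annotations:
        # Hash of the rendered ConfigMap: a rules change alters the pod
        # template and therefore rolls the Deployment.
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | trim | nindent 8 }}
        {{- end }}
    spec:
      serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }}
      # hostNetwork, when enabled, places the pod in the node's network
      # namespace; leave it disabled unless the cluster network requires it.
      {{- if .Values.hostNetwork.enabled }}
      hostNetwork: true
      {{- end }}
      {{- if .Values.dnsPolicy }}
      dnsPolicy: {{ .Values.dnsPolicy }}
      {{- end }}
      {{- /* dnsConfig is a PodSpec field, so it is rendered here at pod level and not inside the container entry. */}}
      {{- with .Values.dnsConfig }}
      dnsConfig:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: {{ .Chart.Name }}
        image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        args:
        - /adapter
        - --secure-port={{ .Values.listenPort }}
        # A serving certificate is passed only when tls.enable or
        # certManager.enabled is set. Without it the adapter is left with
        # --cert-dir alone (presumably a self-signed certificate generated
        # under /tmp/cert; confirm against the adapter documentation).
        {{- if or .Values.tls.enable .Values.certManager.enabled }}
        - --tls-cert-file=/var/run/serving-cert/tls.crt
        - --tls-private-key-file=/var/run/serving-cert/tls.key
        {{- end }}
        - --cert-dir=/tmp/cert
        - --logtostderr=true
        - --prometheus-url={{ tpl .Values.prometheus.url . }}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }}
        - --metrics-relist-interval={{ .Values.metricsRelistInterval }}
        - --v={{ .Values.logLevel }}
        - --config=/etc/adapter/config.yaml
        # extraArguments are appended verbatim; review them as carefully as
        # the flags above, since they are passed to the same process.
        {{- if .Values.extraArguments }}
        {{- toYaml .Values.extraArguments | trim | nindent 8 }}
        {{- end }}
        ports:
        - containerPort: {{ .Values.listenPort }}
          name: https
        livenessProbe:
          httpGet:
            path: /healthz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 30
        readinessProbe:
          httpGet:
            path: /healthz
            port: https
            scheme: HTTPS
          initialDelaySeconds: 30
        {{- if .Values.resources }}
        resources:
          {{- toYaml .Values.resources | nindent 10 }}
        {{- end }}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            # Upper-case "ALL" is the spelling the Pod Security Standards
            # "restricted" profile checks for.
            drop: ["ALL"]
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 10001
        volumeMounts:
        {{- if .Values.extraVolumeMounts }}
        {{- toYaml .Values.extraVolumeMounts | trim | nindent 8 }}
        {{- end }}
        - mountPath: /etc/adapter/
          name: config
          readOnly: true
        # Writable scratch space; needed because the root filesystem is
        # read-only and --cert-dir points below /tmp.
        - mountPath: /tmp
          name: tmp
        {{- if or .Values.tls.enable .Values.certManager.enabled }}
        - mountPath: /var/run/serving-cert
          name: volume-serving-cert
          readOnly: true
        {{- end }}
      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
      {{- if .Values.nodeSelector }}
        {{- toYaml .Values.nodeSelector | nindent 8 }}
      {{- end }}
      affinity:
        {{- toYaml .Values.affinity | nindent 8 }}
      priorityClassName: {{ .Values.priorityClassName }}
      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
      {{- if .Values.tolerations }}
        {{- toYaml .Values.tolerations | nindent 8 }}
      {{- end }}
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- range .Values.image.pullSecrets }}
      - name: {{ . }}
      {{- end }}
      {{- end }}
      volumes:
      {{- if .Values.extraVolumes }}
      {{- toYaml .Values.extraVolumes | trim | nindent 6 }}
      {{- end }}
      - name: config
        configMap:
          # An existing ConfigMap named in rules.existing takes precedence
          # over the one rendered by this chart.
          name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }}
      - name: tmp
        emptyDir: {}
      {{- if or .Values.tls.enable .Values.certManager.enabled }}
      - name: volume-serving-cert
        secret:
          secretName: {{ template "k8s-prometheus-adapter.fullname" . }}
      {{- end }}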