{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} {{- if .Values.prometheusOperator.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kube-prometheus-stack.fullname" . }}-operator namespace: {{ template "kube-prometheus-stack.namespace" . }} labels: app: {{ template "kube-prometheus-stack.name" . }}-operator {{ include "kube-prometheus-stack.labels" . | indent 4 }} spec: replicas: 1 selector: matchLabels: app: {{ template "kube-prometheus-stack.name" . }}-operator release: {{ $.Release.Name | quote }} template: metadata: labels: app: {{ template "kube-prometheus-stack.name" . }}-operator {{ include "kube-prometheus-stack.labels" . | indent 8 }} {{- if .Values.prometheusOperator.podLabels }} {{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} {{- end }} {{- if .Values.prometheusOperator.podAnnotations }} annotations: {{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }} {{- end }} spec: {{- if .Values.prometheusOperator.priorityClassName }} priorityClassName: {{ .Values.prometheusOperator.priorityClassName }} {{- end }} containers: - name: {{ template "kube-prometheus-stack.name" . }} {{- if .Values.prometheusOperator.image.sha }} image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}" {{- else }} image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}" {{- end }} imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}" args: {{- if semverCompare "< v0.39.0" .Values.prometheusOperator.image.tag }} - --manage-crds={{ .Values.prometheusOperator.manageCrds }} {{- end }} {{- if .Values.prometheusOperator.kubeletService.enabled }} - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . }}-kubelet {{- end }} {{- if .Values.prometheusOperator.logFormat }} - --log-format={{ .Values.prometheusOperator.logFormat }} {{- end }} {{- if .Values.prometheusOperator.logLevel }} - --log-level={{ .Values.prometheusOperator.logLevel }} {{- end }} {{- if .Values.prometheusOperator.denyNamespaces }} - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }} {{- end }} {{- with $.Values.prometheusOperator.namespaces }} {{ $ns := .additional }} {{- if .releaseNamespace }} {{- $ns = append $ns $namespace }} {{- end }} - --namespaces={{ $ns | join "," }} {{- end }} - --logtostderr=true - --localhost=127.0.0.1 {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }} {{- else }} - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }} {{- end }} {{- if .Values.prometheusOperator.configmapReloadImage.sha }} - --config-reloader-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }}@sha256:{{ .Values.prometheusOperator.configmapReloadImage.sha }} {{- else }} - --config-reloader-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }} {{- end }} - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }} - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }} {{- if .Values.prometheusOperator.secretFieldSelector }} - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} {{- end }} ports: - containerPort: 8080 name: http resources: {{ toYaml .Values.prometheusOperator.resources | indent 12 }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true {{- if .Values.prometheusOperator.tlsProxy.enabled }} - name: tls-proxy {{- if .Values.prometheusOperator.tlsProxy.image.sha }} image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.tlsProxy.image.repository }}:{{ .Values.prometheusOperator.tlsProxy.image.tag }}@sha256:{{ .Values.prometheusOperator.tlsProxy.image.sha }} {{- else }} image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.tlsProxy.image.repository }}:{{ .Values.prometheusOperator.tlsProxy.image.tag }} {{- end }} imagePullPolicy: {{ .Values.prometheusOperator.tlsProxy.image.pullPolicy }} args: - server - --listen=:8443 - --target=127.0.0.1:8080 - --key=cert/key - --cert=cert/cert - --disable-authentication resources: {{ toYaml .Values.prometheusOperator.tlsProxy.resources | indent 12 }} volumeMounts: - name: tls-proxy-secret mountPath: /cert readOnly: true ports: - containerPort: 8443 name: https securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true {{- end }} {{- if .Values.prometheusOperator.tlsProxy.enabled }} volumes: - name: tls-proxy-secret secret: defaultMode: 420 secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission {{- end }} {{- if .Values.prometheusOperator.securityContext }} securityContext: {{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} {{- end }} serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} {{- if .Values.prometheusOperator.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} {{- with .Values.prometheusOperator.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.prometheusOperator.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.prometheusOperator.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- end }}