rancher-charts/charts/rancher-monitoring/9.4.200/templates/prometheus-operator/deployment.yaml

{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
{{- if .Values.prometheusOperator.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "kube-prometheus-stack.fullname" . }}-operator
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ template "kube-prometheus-stack.name" . }}-operator
      release: {{ $.Release.Name | quote }}
  template:
    metadata:
      labels:
        app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 8 }}
{{- if .Values.prometheusOperator.podLabels }}
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.podAnnotations }}
      annotations:
{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
{{- end }}
    spec:
    {{- if .Values.prometheusOperator.priorityClassName }}
      priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
    {{- end }}
      containers:
        - name: {{ template "kube-prometheus-stack.name" . }}
          {{- if .Values.prometheusOperator.image.sha }}
          image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
          {{- else }}
          image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}"
          {{- end }}
          imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
          args:
          {{- if semverCompare "< v0.39.0" .Values.prometheusOperator.image.tag }}
            - --manage-crds={{ .Values.prometheusOperator.manageCrds }}
          {{- end }}
          {{- if .Values.prometheusOperator.kubeletService.enabled }}
            - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . }}-kubelet
          {{- end }}
          {{- if .Values.prometheusOperator.logFormat }}
            - --log-format={{ .Values.prometheusOperator.logFormat }}
          {{- end }}
          {{- if .Values.prometheusOperator.logLevel }}
            - --log-level={{ .Values.prometheusOperator.logLevel }}
          {{- end }}
          {{- if .Values.prometheusOperator.denyNamespaces }}
            - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }}
          {{- end }}
          {{- with $.Values.prometheusOperator.namespaces }}
          {{ $ns := .additional }}
          {{- if .releaseNamespace }}
          {{- $ns = append $ns $namespace }}
          {{- end }}
            - --namespaces={{ $ns | join "," }}
          {{- end }}
            - --logtostderr=true
            - --localhost=127.0.0.1
            {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
            - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
            {{- else }}
            - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}
            {{- end }}
            {{- if .Values.prometheusOperator.configmapReloadImage.sha }}
            - --config-reloader-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }}@sha256:{{ .Values.prometheusOperator.configmapReloadImage.sha }}
            {{- else }}
            - --config-reloader-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.configmapReloadImage.repository }}:{{ .Values.prometheusOperator.configmapReloadImage.tag }}
            {{- end }}
            - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }}
            - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }}
            {{- if .Values.prometheusOperator.secretFieldSelector }}
            - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
            {{- end }}
          ports:
            - containerPort: 8080
              name: http
          resources:
{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
        {{- if .Values.prometheusOperator.tlsProxy.enabled }}
        - name: tls-proxy
          {{- if .Values.prometheusOperator.tlsProxy.image.sha }}
          image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.tlsProxy.image.repository }}:{{ .Values.prometheusOperator.tlsProxy.image.tag }}@sha256:{{ .Values.prometheusOperator.tlsProxy.image.sha }}
          {{- else }}
          image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.tlsProxy.image.repository }}:{{ .Values.prometheusOperator.tlsProxy.image.tag }}
          {{- end }}
          imagePullPolicy: {{ .Values.prometheusOperator.tlsProxy.image.pullPolicy }}
          args:
            - server
            - --listen=:8443
            - --target=127.0.0.1:8080
            - --key=cert/key
            - --cert=cert/cert
            - --disable-authentication
          resources:
{{ toYaml .Values.prometheusOperator.tlsProxy.resources | indent 12 }}
          volumeMounts:
          - name: tls-proxy-secret
            mountPath: /cert
            readOnly: true
          ports:
            - containerPort: 8443
              name: https
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
        {{- end }}
{{- if .Values.prometheusOperator.tlsProxy.enabled }}
      volumes:
        - name: tls-proxy-secret
          secret:
            defaultMode: 420
            secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }}
{{- if .Values.prometheusOperator.securityContext }}
      securityContext:
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
{{- end }}
      serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
{{- if .Values.prometheusOperator.hostNetwork }}
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
    {{- with .Values.prometheusOperator.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.prometheusOperator.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.prometheusOperator.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
{{- end }}