rancher-charts/charts/rancher-provisioning-capi/100.0.0+up0.0.1/templates/deployment-capi-controller-...

107 lines
3.2 KiB
YAML

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
name: capi-controller-manager
namespace: "{{ .Release.Namespace }}"
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
template:
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
spec:
containers:
- command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | indent 12 }}
{{- end }}
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 65532
runAsUser: 65532
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
args:
- --leader-elect
{{ toYaml .Values.args | indent 12 }}
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: capi-manager
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
secretName: capi-webhook-service-cert
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- else }}
- effect: NoSchedule
key: node-role.kubernetes.io/controlplane
value: "true"
- effect: NoSchedule
key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- effect: NoSchedule
key: "node-role.kubernetes.io/master"
operator: "Exists"
- effect: "NoExecute"
key: "node-role.kubernetes.io/etcd"
operator: "Exists"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{.Values.priorityClassName}}"
{{- end }}