mirror of https://git.rancher.io/charts
57 lines
2.0 KiB
YAML
57 lines
2.0 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: cis-operator
|
|
namespace: {{ template "cis.namespace" . }}
|
|
labels:
|
|
cis.cattle.io/operator: cis-operator
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
cis.cattle.io/operator: cis-operator
|
|
template:
|
|
metadata:
|
|
labels:
|
|
cis.cattle.io/operator: cis-operator
|
|
spec:
|
|
serviceAccountName: cis-operator-serviceaccount
|
|
containers:
|
|
- name: cis-operator
|
|
image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
|
|
imagePullPolicy: Always
|
|
ports:
|
|
- name: cismetrics
|
|
containerPort: {{ .Values.alerts.metricsPort }}
|
|
env:
|
|
- name: SECURITY_SCAN_IMAGE
|
|
value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
|
|
- name: SECURITY_SCAN_IMAGE_TAG
|
|
value: {{ .Values.image.securityScan.tag }}
|
|
- name: SONOBUOY_IMAGE
|
|
value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
|
|
- name: SONOBUOY_IMAGE_TAG
|
|
value: {{ .Values.image.sonobuoy.tag }}
|
|
- name: CIS_ALERTS_METRICS_PORT
|
|
value: '{{ .Values.alerts.metricsPort }}'
|
|
- name: CIS_ALERTS_SEVERITY
|
|
value: {{ .Values.alerts.severity }}
|
|
- name: CIS_ALERTS_ENABLED
|
|
value: {{ .Values.alerts.enabled | default "false" | quote }}
|
|
- name: CLUSTER_NAME
|
|
value: {{ .Values.global.cattle.clusterName }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
nodeSelector:
|
|
kubernetes.io/os: linux
|
|
{{- with .Values.nodeSelector }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
tolerations:
|
|
{{- include "linux_node_tolerations" . | nindent 8}}
|
|
{{- with .Values.tolerations }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }} |