{{- if eq (include "aggregator.deployMethod" .) "statefulset" }} {{/* A cloud integration secret is required for cloud cost to function as a dedicated pod. UI based configuration is not supported for cloud cost with aggregator. */}} {{- if ((.Values.kubecostAggregator).cloudCost).enabled }} {{- if not ( or (.Values.kubecostProductConfigs).cloudIntegrationSecret (.Values.kubecostProductConfigs).cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaBucketName)) }} {{- fail "\n\nA cloud-integration secret is required when using the aggregator statefulset and cloudCost is enabled." }} {{- end }} {{- end }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "cloudCost.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{ include "cloudCost.commonLabels" . | nindent 4 }} {{- with .Values.global.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: replicas: 1 selector: matchLabels: {{ include "cloudCost.selectorLabels" . | nindent 6 }} strategy: type: Recreate template: metadata: labels: {{/* Force pod restarts on upgrades to ensure the nginx config is current */}} {{- if not .Values.global.platforms.cicd.enabled }} helm-rollout-restarter: {{ randAlphaNum 5 | quote }} {{- end }} app.kubernetes.io/name: cloud-cost app.kubernetes.io/instance: {{ .Release.Name }} app: cloud-cost {{- with .Values.global.additionalLabels }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.global.podAnnotations}} annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: {{- if .Values.global.platforms.openshift.enabled }} securityContext: {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }} {{- else if .Values.global.securityContext }} securityContext: {{- toYaml .Values.global.securityContext | nindent 8 }} {{- else }} securityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 {{- end }} restartPolicy: Always serviceAccountName: {{ template "cloudCost.serviceAccountName" . }} volumes: {{- if .Values.kubecostModel.etlBucketConfigSecret }} - name: etl-bucket-config secret: defaultMode: 420 secretName: {{ .Values.kubecostModel.etlBucketConfigSecret }} {{- end }} {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - name: federated-storage-config secret: defaultMode: 420 secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }} {{- end }} {{- if (.Values.kubecostProductConfigs).cloudIntegrationSecret }} - name: cloud-integration secret: secretName: {{ .Values.kubecostProductConfigs.cloudIntegrationSecret }} items: - key: cloud-integration.json path: cloud-integration.json {{- else if or (.Values.kubecostProductConfigs).cloudIntegrationJSON ((.Values.kubecostProductConfigs).athenaProjectID) }} - name: cloud-integration secret: secretName: cloud-integration items: - key: cloud-integration.json path: cloud-integration.json {{- end }} {{/* Despite the name, this is not persistent-configs. The name is for compatibility with single-pod install. All data stored here is ephemeral, and does not require persistence. */}} - name: persistent-configs emptyDir: {} {{- if .Values.kubecostModel.plugins.enabled }} {{- if .Values.kubecostModel.plugins.install.enabled}} - name: install-script configMap: name: {{ template "cost-analyzer.fullname" . }}-install-plugins {{- end }} - name: plugins-dir emptyDir: {} {{- if and (not .Values.kubecostModel.plugins.existingCustomSecret.enabled) .Values.kubecostModel.plugins.secretName }} - name: plugins-config secret: secretName: {{ .Values.kubecostModel.plugins.secretName }} items: - key: datadog_config.json path: datadog_config.json {{- end }} {{- if .Values.kubecostModel.plugins.existingCustomSecret.enabled }} - name: plugins-config secret: secretName: {{ .Values.kubecostModel.plugins.existingCustomSecret.name }} items: - key: datadog_config.json path: datadog_config.json {{- end }} - name: tmp emptyDir: {} {{- end }} {{- if .Values.kubecostAggregator.cloudCost.extraVolumes }} {{- toYaml .Values.kubecostAggregator.cloudCost.extraVolumes | nindent 8 }} {{- end }} initContainers: {{- if (and .Values.kubecostModel.plugins.enabled .Values.kubecostModel.plugins.install.enabled )}} - name: plugin-installer image: {{ .Values.kubecostModel.plugins.install.fullImageName }} command: ["sh", "/install/install_plugins.sh"] {{- with .Values.kubecostModel.plugins.install.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: install-script mountPath: /install - name: plugins-dir mountPath: {{ .Values.kubecostModel.plugins.folder }} {{- end }} containers: {{- include "aggregator.cloudCost.containerTemplate" . | nindent 8 }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} {{- end }} {{- if .Values.kubecostAggregator.priority }} {{- if .Values.kubecostAggregator.priority.enabled }} {{- if .Values.kubecostAggregator.priority.name }} priorityClassName: {{ .Values.kubecostAggregator.priority.name }} {{- else }} priorityClassName: {{ template "cost-analyzer.fullname" . }}-aggregator-priority {{- end }} {{- end }} {{- end }} {{- with .Values.kubecostAggregator.cloudCost.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.kubecostAggregator.cloudCost.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.kubecostAggregator.cloudCost.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}