apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "storageos.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "storageos.name" . }}
    app.kubernetes.io/component: operator
    control-plane: controller-manager
    chart: {{ template "storageos.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ template "storageos.name" . }}
      app.kubernetes.io/component: operator
      control-plane: controller-manager
      release: {{ .Release.Name }}
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
      labels:
        app: {{ template "storageos.name" . }}
        app.kubernetes.io/component: operator
        control-plane: controller-manager
        release: {{ .Release.Name }}
    spec:
      {{- with .Values.images.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - args:
        - --config=operator_config.yaml
        command:
        - /manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: DISABLE_CONFIG_WATCH
        envFrom:
        - configMapRef:
            name: storageos-related-images
        image: "{{ .Values.images.operator.registry}}/{{ .Values.images.operator.image }}:{{ .Values.images.operator.tag }}"
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 250m
          requests:
            cpu: 10m
            memory: 600Mi
        securityContext:
          allowPrivilegeEscalation: false
        volumeMounts:
        - mountPath: /operator_config.yaml
          name: storageos-operator
          subPath: operator_config.yaml
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: "{{ .Values.images.kubeRbacProxy.registry}}/{{ .Values.images.kubeRbacProxy.image }}:{{ .Values.images.kubeRbacProxy.tag }}"
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      securityContext:
        runAsUser: 65532
      serviceAccountName: storageos-operator
      terminationGracePeriodSeconds: 10
      topologySpreadConstraints:
      - labelSelector:
          matchLabels:
            app.kubernetes.io/component: operator
            app: {{ template "storageos.name" . }}
        maxSkew: 1
        topologyKey: kubernetes.io/hostname
        whenUnsatisfiable: ScheduleAnyway
      volumes:
      - configMap:
          name: storageos-operator
        name: storageos-operator