{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} apiVersion: v1 data: .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password .Values.imagePullSecrets.email (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }} kind: Secret metadata: name: kubeslice-image-pull-secret namespace: kubeslice-system type: kubernetes.io/dockerconfigjson {{- end }} --- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: kubeslice-operator namespace: kubeslice-system spec: replicas: 1 selector: matchLabels: control-plane: controller-manager spoke-cluster: {{ .Values.cluster.name }} template: metadata: annotations: kubectl.kubernetes.io/default-container: manager prometheus.io/port: "8080" prometheus.io/scrape: "true" labels: control-plane: controller-manager spoke-cluster: {{ .Values.cluster.name }} spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=:8080 - --leader-elect command: - /manager image: '{{ .Values.operator.image }}:{{ .Values.operator.tag }}' imagePullPolicy: '{{ .Values.operator.pullPolicy }}' env: - name: LOG_LEVEL value: {{ .Values.operator.logLevel }} - name: HUB_HOST_ENDPOINT valueFrom: secretKeyRef: name: kubeslice-hub key: endpoint - name: HUB_PROJECT_NAMESPACE valueFrom: secretKeyRef: name: kubeslice-hub key: namespace - name: CLUSTER_NAME value: {{ .Values.cluster.name }} - name: AVESHA_VL3_ROUTER_IMAGE value: "{{ .Values.router.image }}:{{ .Values.router.tag }}" - name: AVESHA_VL3_ROUTER_PULLPOLICY value: {{ .Values.router.pullPolicy }} - name: AVESHA_VL3_SIDECAR_IMAGE value: "{{ .Values.routerSidecar.image }}:{{ .Values.routerSidecar.tag }}" - name: AVESHA_VL3_SIDECAR_IMAGE_PULLPOLICY value: {{ .Values.routerSidecar.pullPolicy }} - name: CLUSTER_ENDPOINT value: "{{ .Values.cluster.endpoint }}" - name: AVESHA_GW_SIDECAR_IMAGE value: '{{ .Values.gateway.image }}:{{ .Values.gateway.tag }}' - name: AVESHA_GW_SIDECAR_IMAGE_PULLPOLICY value: '{{ .Values.gateway.pullPolicy }}' - name: AVESHA_OPENVPN_SERVER_IMAGE value: '{{ .Values.openvpn.server.image }}:{{ .Values.openvpn.server.tag }}' - name: AVESHA_OPENVPN_SERVER_PULLPOLICY value: '{{ .Values.openvpn.server.pullPolicy }}' - name: AVESHA_OPENVPN_CLIENT_IMAGE value: '{{ .Values.openvpn.client.image }}:{{ .Values.openvpn.client.tag }}' - name: AVESHA_OPENVPN_CLIENT_PULLPOLICY value: '{{ .Values.openvpn.client.pullPolicy }}' {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} - name: IMAGE_PULL_SECRET_NAME value: kubeslice-image-pull-secret {{- end }} livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false volumeMounts: - name: kubeslice-worker-event-schema-conf mountPath: /events/event-schema/ - mountPath: /var/run/secrets/kubernetes.io/hub-serviceaccount name: hub-secret readOnly: true - mountPath: /etc/webhook/certs name: webhook-certs readOnly: true serviceAccountName: kubeslice-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: kubeslice-worker-event-schema-conf configMap: name: kubeslice-worker-event-schema-conf defaultMode: 420 - name: webhook-certs secret: secretName: kubeslice-admission-webhook-certs - name: hub-secret secret: defaultMode: 420 secretName: kubeslice-hub items: - key: "ca.crt" path: "ca.crt" - key: "token" path: "token" {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} imagePullSecrets: - name: kubeslice-image-pull-secret {{- end }} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: kubeslice.io/node-type operator: In values: - gateway --- apiVersion: v1 data: {{ if .Values.events.disabled }} worker.yaml: |- disabledEvents: - LicenseSecretNotFound {{ else }} worker.yaml: |- disabledEvents: - LicenseSecretNotFound {{ end }} kind: ConfigMap metadata: labels: name: event-schema name: kubeslice-worker-event-schema-conf namespace: kubeslice-system