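{{- /*
Aggregator StatefulSet.

Rendered only when neither .Values.agent nor .Values.cloudAgent is set and
the "aggregator.deployMethod" helper returns "statefulset".
*/ -}}
{{- if and (not .Values.agent) (not .Values.cloudAgent) }}
{{- if eq (include "aggregator.deployMethod" .) "statefulset" }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ template "aggregator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aggregator.commonLabels" . | nindent 4 }}
    {{- with .Values.global.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
spec:
  replicas: {{ .Values.kubecostAggregator.replicas }}
  serviceName: {{ template "aggregator.serviceName" . }}
  selector:
    matchLabels:
      {{- include "aggregator.selectorLabels" . | nindent 6 }}
  volumeClaimTemplates:
    - metadata:
        name: aggregator-db-storage
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: {{ .Values.kubecostAggregator.aggregatorDbStorage.storageClass }}
        resources:
          requests:
            storage: {{ .Values.kubecostAggregator.aggregatorDbStorage.storageRequest }}
    - metadata:
        # In the StatefulSet config, Aggregator should not share any filesystem
        # state with the cost-model to maintain independence and improve
        # stability (in the event of bad file-locking state). Still, there is
        # a need to "mount" ConfigMap files (using the watcher) to a file system;
        # that's what this per-replica Volume is used for.
        name: persistent-configs
      spec:
        accessModes: [ "ReadWriteOnce" ]
        storageClassName: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageClass }}
        resources:
          requests:
            storage: {{ .Values.kubecostAggregator.persistentConfigsStorage.storageRequest }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: aggregator
        app.kubernetes.io/instance: {{ .Release.Name }}
        app: aggregator
        {{- with .Values.global.additionalLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.global.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      restartPolicy: Always
      {{- /*
      Pod securityContext precedence: the aggregator-specific value, then the
      OpenShift value (only when the platform is enabled), then the global
      value. When none of the three is set, no pod-level securityContext is
      rendered at all, so hardened installs should set at least one of them.
      */}}
      {{- if .Values.kubecostAggregator.securityContext }}
      securityContext:
        {{- toYaml .Values.kubecostAggregator.securityContext | nindent 8 }}
      {{- else if and (.Values.global.platforms.openshift.enabled) (.Values.global.platforms.openshift.securityContext) }}
      securityContext:
        {{- toYaml .Values.global.platforms.openshift.securityContext | nindent 8 }}
      {{- else if .Values.global.securityContext }}
      securityContext:
        {{- toYaml .Values.global.securityContext | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ template "aggregator.serviceAccountName" . }}
      volumes:
        - name: aggregator-staging
          emptyDir:
            sizeLimit: {{ .Values.kubecostAggregator.stagingEmptyDirSizeLimit }}
        {{- /*
        The bucket secret name is taken from
        .Values.kubecostModel.federatedStorageConfigSecret only; rendering
        fails when it is unset. Both volumes below mount that same Secret.

        defaultMode 420 is decimal for octal 0644: the mounted credential
        files are readable by every user inside the container. A tighter
        mode (for example 288, octal 0440, together with an fsGroup) is
        worth considering where the pod securityContext allows it.
        */}}
        {{- $etlBackupBucketSecret := "" }}
        {{- if .Values.kubecostModel.federatedStorageConfigSecret }}
          {{- $etlBackupBucketSecret = .Values.kubecostModel.federatedStorageConfigSecret }}
        {{- end }}
        {{- if $etlBackupBucketSecret }}
        {{- if .Values.kubecostModel.federatedStorageConfigSecret }}
        - name: federated-storage-config
          secret:
            defaultMode: 420
            secretName: {{ .Values.kubecostModel.federatedStorageConfigSecret }}
        {{- end }}
        - name: etl-bucket-config
          secret:
            defaultMode: 420
            secretName: {{ $etlBackupBucketSecret }}
        {{- else }}
          {{- fail "Kubecost Aggregator Enterprise Config requires .Values.kubecostModel.federatedStorageConfigSecret" }}
        {{- end }}
        {{- /*
        SAML and OIDC secret volumes set no defaultMode, so the Kubernetes
        default (0644) applies to the mounted key, certificate and
        client-secret files.
        */}}
        {{- if .Values.saml }}
        {{- if .Values.saml.enabled }}
        {{- if .Values.saml.secretName }}
        - name: secret-volume
          secret:
            secretName: {{ .Values.saml.secretName }}
        {{- end }}
        {{- if .Values.saml.encryptionCertSecret }}
        - name: saml-encryption-cert
          secret:
            secretName: {{ .Values.saml.encryptionCertSecret }}
        {{- end }}
        {{- if .Values.saml.decryptionKeySecret }}
        - name: saml-decryption-key
          secret:
            secretName: {{ .Values.saml.decryptionKeySecret }}
        {{- end }}
        {{- if .Values.saml.metadataSecretName }}
        - name: metadata-secret-volume
          secret:
            secretName: {{ .Values.saml.metadataSecretName }}
        {{- end }}
        - name: saml-auth-secret
          secret:
            secretName: {{ .Values.saml.authSecretName | default "kubecost-saml-secret" }}
        {{- if .Values.saml.rbac.enabled }}
        - name: saml-roles
          configMap:
            name: {{ template "cost-analyzer.fullname" . }}-saml
        {{- end }}
        {{- end }}
        {{- end }}
        {{- if .Values.oidc }}
        {{- if .Values.oidc.enabled }}
        - name: oidc-config
          configMap:
            name: {{ template "cost-analyzer.fullname" . }}-oidc
        {{- /* The two oidc-client-secret branches are mutually exclusive, so the volume name is never duplicated. */}}
        {{- if and (not .Values.oidc.existingCustomSecret.enabled) .Values.oidc.secretName }}
        - name: oidc-client-secret
          secret:
            secretName: {{ .Values.oidc.secretName }}
        {{- end }}
        {{- if .Values.oidc.existingCustomSecret.enabled }}
        - name: oidc-client-secret
          secret:
            secretName: {{ .Values.oidc.existingCustomSecret.name }}
        {{- end }}
        {{- end }}
        {{- end }}
      containers:
        {{- include "aggregator.containerTemplate" . | nindent 8 }}
        {{- if .Values.kubecostAggregator.jaeger.enabled }}
        {{- include "aggregator.jaeger.sidecarContainerTemplate" . | nindent 8 }}
        {{- end }}
      {{- /* nindent keeps every entry of a multi-item list at the same indentation under the key. */}}
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.kubecostAggregator.priority }}
      {{- if .Values.kubecostAggregator.priority.enabled }}
      {{- if .Values.kubecostAggregator.priority.name }}
      priorityClassName: {{ .Values.kubecostAggregator.priority.name }}
      {{- else }}
      priorityClassName: {{ template "cost-analyzer.fullname" . }}-aggregator-priority
      {{- end }}
      {{- end }}
      {{- end }}
      {{- with .Values.kubecostAggregator.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.kubecostAggregator.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.kubecostAggregator.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}
{{- end }}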