apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "datadog-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{ include "datadog-operator.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "datadog-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "datadog-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} {{- end }} annotations: {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} checksum/api_key: {{ include (print $.Template.BasePath "/secret_api_key.yaml") . | sha256sum }} {{- end }} {{- if or .Values.appKey .Values.appKeyExistingSecret }} checksum/application_key: {{ include (print $.Template.BasePath "/secret_application_key.yaml") . | sha256sum }} {{- end }} {{- if .Values.collectOperatorMetrics }} ad.datadoghq.com/{{ .Chart.Name }}.check_names: '["openmetrics"]' ad.datadoghq.com/{{ .Chart.Name }}.init_configs: '[{}]' ad.datadoghq.com/{{ .Chart.Name }}.instances: | [{ "prometheus_url": "http://%%host%%:{{ .Values.metricsPort }}/metrics", "namespace": "datadog.operator", "metrics": ["*"] }] {{- end }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "datadog-operator.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: WATCH_NAMESPACE {{- if .Values.watchNamespaces }} value: {{ .Values.watchNamespaces | join "," }} {{- else }} valueFrom: fieldRef: fieldPath: metadata.namespace {{- end }} - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name {{- if or .Values.apiKey .Values.apiKeyExistingSecret }} - name: DD_API_KEY valueFrom: secretKeyRef: name: {{ template "datadog-operator.apiKeySecretName" . }} key: api-key {{- end }} {{- if or .Values.appKey .Values.appKeyExistingSecret }} - name: DD_APP_KEY valueFrom: secretKeyRef: name: {{ template "datadog-operator.appKeySecretName" . }} key: app-key {{- end }} {{- if .Values.site }} - name: DD_SITE value: {{ .Values.site }} {{- end }} {{- if .Values.dd_url }} - name: DD_URL value: {{ .Values.dd_url }} {{- end }} {{- range .Values.env }} - name: {{ .name }} value: {{ .value | quote }} {{- end }} args: - "-supportExtendedDaemonset={{ .Values.supportExtendedDaemonset }}" - "-logEncoder=json" - "-metrics-addr=:{{ .Values.metricsPort }}" - "-loglevel={{ .Values.logLevel }}" {{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) }} - "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}" {{- else }} - "-webhookEnabled=false" {{- end }} {{- if .Values.secretBackend.command }} - "-secretBackendCommand={{ .Values.secretBackend.command }}" {{- end }} {{- if .Values.secretBackend.arguments }} - "-secretBackendArgs={{ .Values.secretBackend.arguments }}" {{- end }} {{- if and .Values.maximumGoroutines (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} - "-maximumGoroutines={{ .Values.maximumGoroutines }}" {{- end }} - "-datadogMonitorEnabled={{ .Values.datadogMonitor.enabled }}" {{- if (semverCompare ">=1.0.0-rc.13" .Values.image.tag) }} - "-datadogAgentEnabled={{ .Values.datadogAgent.enabled }}" {{- end }} ports: - name: metrics containerPort: {{ .Values.metricsPort }} protocol: TCP {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} - name: webhook containerPort: 9443 protocol: TCP {{- end }} livenessProbe: httpGet: path: /healthz/ port: 8081 periodSeconds: 10 resources: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true {{- end }} {{- if .Values.containerSecurityContext }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }} volumes: - name: cert secret: defaultMode: 420 secretName: {{ .Release.Name }}-webhook-server-cert {{- end }}