277 lines
14 KiB
YAML
277 lines
14 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
|
release: "{{ .Release.Name }}"
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
|
spec:
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 25%
|
|
maxUnavailable: 25%
|
|
selector:
|
|
matchLabels:
|
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
|
release: "{{ .Release.Name }}"
|
|
replicas: {{ .Values.replicaCount }}
|
|
template:
|
|
metadata:
|
|
{{- if .Values.podAnnotations }}
|
|
annotations:
|
|
{{- range $key, $value := .Values.podAnnotations }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
|
release: "{{ .Release.Name }}"
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 8 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
|
{{- range $key, $value := .Values.podLabels }}
|
|
{{ $key }}: {{ $value | quote }}
|
|
{{- end }}
|
|
spec:
|
|
hostNetwork: {{ .Values.podSpec.hostNetwork }}
|
|
hostIPC: {{ .Values.podSpec.hostIPC }}
|
|
hostPID: {{ .Values.podSpec.hostPID }}
|
|
{{- if .Values.priorityClassName }}
|
|
{{ template "k8s-triliovault-operator.priorityClassValidator" .}}
|
|
priorityClassName: {{ .Values.priorityClassName }}
|
|
{{- end }}
|
|
{{- if .Values.securityContext }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
|
|
{{- end }}
|
|
{{- if include "k8s-triliovault-operator.imagePullSecret" . }}
|
|
imagePullSecrets:
|
|
- name: {{ template "k8s-triliovault-operator.imagePullSecret" . }}
|
|
{{- end }}
|
|
containers:
|
|
- name: k8s-triliovault-operator
|
|
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
|
env:
|
|
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
|
- name: HTTP_PROXY
|
|
value: {{ .Values.proxySettings.HTTP_PROXY }}
|
|
- name: HTTPS_PROXY
|
|
value: {{ .Values.proxySettings.HTTPS_PROXY }}
|
|
- name: NO_PROXY
|
|
value: {{ .Values.proxySettings.NO_PROXY }}
|
|
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
- name: PROXY_CA_CONFIGMAP
|
|
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: MASTER_ENCRYPTION_KEY_NAMESPACE
|
|
value: {{ .Values.masterEncryptionKeyConfig.namespace | default .Release.Namespace }}
|
|
- name: MASTER_ENCRYPTION_KEY_NAME
|
|
value: {{ .Values.masterEncryptionKeyConfig.name }}
|
|
{{- if .Values.observability.enabled }}
|
|
- name: OBSERVABILITY_SECRET_NAME
|
|
value: {{ .Values.observability.name }}
|
|
- name: OBSERVABILITY_SECRET_NAMESPACE
|
|
value: {{ .Values.observability.namespace | default .Release.Namespace }}
|
|
{{- end}}
|
|
- name: INSTALL_NAMESPACE
|
|
value: {{ .Release.Namespace }}
|
|
- name: REGISTRY
|
|
value: {{ .Values.registry }}
|
|
- name: RELATED_IMAGE_INGRESS_CONTROLLER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "ingress-controller" "image"}}:{{ index .Values "relatedImages" "ingress-controller" "tag" }}
|
|
- name: RELATED_IMAGE_KUBE_CERTGEN
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "kube-certgen" "image"}}:{{ index .Values "relatedImages" "kube-certgen" "tag" }}
|
|
- name: RELATED_IMAGE_METAMOVER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.metamover.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_CONTROL_PLANE
|
|
value: {{ .Values.registry }}/{{index .Values "relatedImages" "control-plane" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_WEB
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.web.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_WEB_BACKEND
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "web-backend" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_EXPORTER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.exporter.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_ADMISSION_WEBHOOK
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "admission-webhook" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_ANALYZER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.analyzer.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_DATAMOVER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.datamover.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_DATASTORE_ATTACHER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "datastore-attacher" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_BACKUP_SCHEDULER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "backup-scheduler" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_BACKUP_CLEANER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "backup-cleaner" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_TARGET_BROWSER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "target-browser" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_BACKUP_RETENTION
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "backup-retention" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_HOOK
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.hook.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_RESOURCE_CLEANER
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "resource-cleaner" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_TVK_INIT
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "tvk-init" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_DEX
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.dex.image }}:{{ .Values.relatedImages.dex.tag }}
|
|
- name: RELATED_IMAGE_MINIO
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.minio.image }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: RELATED_IMAGE_NATS
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.nats.image }}:{{ .Values.relatedImages.nats.tag }}
|
|
- name: RELATED_IMAGE_SERVICE_MANAGER
|
|
value: {{ .Values.registry }}/{{index .Values "relatedImages" "service-manager" "image" }}:{{ .Values.relatedImages.tags.event }}
|
|
- name: RELATED_IMAGE_SYNCER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.syncer.image }}:{{ .Values.relatedImages.tags.event }}
|
|
- name: RELATED_IMAGE_WATCHER
|
|
value: {{ .Values.registry }}/{{ .Values.relatedImages.watcher.image }}:{{ .Values.relatedImages.tags.event }}
|
|
- name: RELATED_IMAGE_CONTINUOUS_RESTORE
|
|
value: {{ .Values.registry }}/{{ index .Values "relatedImages" "continuous-restore" "image" }}:{{ .Values.relatedImages.tags.tvk }}
|
|
- name: ADMISSION_MUTATION_CONFIG
|
|
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
|
- name: ADMISSION_VALIDATION_CONFIG
|
|
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
|
- name: RELEASE_VERSION
|
|
value: !!str {{ .Chart.AppVersion }}
|
|
- name: OPERATOR_INSTANCE_NAME
|
|
value: {{ template "k8s-triliovault-operator.appName" . }}
|
|
{{- if .Values.podAnnotations }}
|
|
- name: POD_ANNOTATIONS
|
|
value: {{ .Values.podAnnotations | toPrettyJson | quote }}
|
|
{{- end }}
|
|
{{- if .Values.podLabels }}
|
|
- name: POD_LABELS
|
|
value: {{ .Values.podLabels | toPrettyJson | quote }}
|
|
{{- end }}
|
|
- name: PRIORITY_CLASS_NAME
|
|
value: {{ .Values.priorityClassName }}
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 30
|
|
timeoutSeconds: 2
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
scheme: HTTP
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
timeoutSeconds: 1
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
volumeMounts:
|
|
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
- name: proxy-ca-cert
|
|
mountPath: /proxy-certs
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- if .Values.tls.enable }}
|
|
- name: helm-tls-certs
|
|
mountPath: /root/.helm
|
|
readOnly: true
|
|
{{- if .Values.tls.verify }}
|
|
- name: helm-tls-ca
|
|
mountPath: /root/.helm/ca.crt
|
|
readOnly: true
|
|
{{- end }}
|
|
{{- end }}
|
|
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
name: webhook-certs
|
|
readOnly: true
|
|
{{- if .Values.securityContext }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
{{- end }}
|
|
resources:
|
|
limits:
|
|
cpu: 200m
|
|
memory: 512Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 256Mi
|
|
initContainers:
|
|
- name: webhook-init
|
|
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
|
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
|
{{- if .Values.securityContext }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
{{- end }}
|
|
env:
|
|
{{- if .Values.proxySettings.PROXY_ENABLED }}
|
|
- name: HTTP_PROXY
|
|
value: {{ .Values.proxySettings.HTTP_PROXY }}
|
|
- name: HTTPS_PROXY
|
|
value: {{ .Values.proxySettings.HTTPS_PROXY }}
|
|
- name: NO_PROXY
|
|
value: {{ .Values.proxySettings.NO_PROXY }}
|
|
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
- name: PROXY_CA_CONFIGMAP
|
|
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: MASTER_ENCRYPTION_KEY_NAMESPACE
|
|
value: {{ .Values.masterEncryptionKeyConfig.namespace | default .Release.Namespace }}
|
|
- name: MASTER_ENCRYPTION_KEY_NAME
|
|
value: {{ .Values.masterEncryptionKeyConfig.name }}
|
|
- name: RELEASE_VERSION
|
|
value: !!str {{ .Chart.AppVersion }}
|
|
- name: ADMISSION_MUTATION_CONFIG
|
|
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
|
- name: ADMISSION_VALIDATION_CONFIG
|
|
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
|
- name: NAMESPACE_VALIDATION_CONFIG
|
|
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
|
- name: WEBHOOK_SERVICE
|
|
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
|
- name: WEBHOOK_NAMESPACE
|
|
value: {{ .Release.Namespace }}
|
|
- name: SECRET_NAME
|
|
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|
|
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
|
|
volumeMounts:
|
|
- name: proxy-ca-cert
|
|
mountPath: /proxy-certs
|
|
readOnly: true
|
|
{{- end }}
|
|
serviceAccountName: {{ template "k8s-triliovault-operator.serviceAccountName" . }}
|
|
{{- if .Values.nodeSelector }}
|
|
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml .Values.affinity | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml .Values.tolerations | nindent 8 }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.tls.enable }}
|
|
- name: helm-tls-certs
|
|
secret:
|
|
secretName: {{ .Values.tls.secretName }}
|
|
defaultMode: 0400
|
|
{{- if .Values.tls.verify }}
|
|
- name: helm-tls-ca
|
|
configMap:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-helm-tls-ca-config
|
|
defaultMode: 0600
|
|
{{- end }}
|
|
{{- end }}
|
|
- name: webhook-certs
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|