rancher-partner-charts/charts/trilio/k8s-triliovault-operator/2.6.0/templates/deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "k8s-triliovault-operator.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app:  {{ template "k8s-triliovault-operator.fullname" . }}
    release: "{{ .Release.Name }}"
    app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
    app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
    app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  selector:
    matchLabels:
      app: {{ template "k8s-triliovault-operator.fullname" . }}
      release: "{{ .Release.Name }}"
  replicas: {{ .Values.replicaCount }}
  template:
    metadata:
      labels:
        app: {{ template "k8s-triliovault-operator.fullname" . }}
        release: "{{ .Release.Name }}"
        app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
        app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
        app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
        app.kubernetes.io/managed-by: {{ .Release.Service }}
    spec:
      hostNetwork: {{ .Values.podSpec.hostNetwork }}
      hostIPC: {{ .Values.podSpec.hostIPC }}
      hostPID: {{ .Values.podSpec.hostPID }}
      {{- if .Values.securityContext }}
      securityContext:
      {{- toYaml .Values.podSpec.securityContext | nindent 8 }}
      {{- end }}
      containers:
        - name: k8s-triliovault-operator
          image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.proxySettings.PROXY_ENABLED }}
          envFrom:
          - secretRef:
              name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
          {{- end }}
          env:
            {{- if .Values.proxySettings.PROXY_ENABLED }}
            - name: PROXY_SETTINGS_SECRET
              value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
            {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
            - name: PROXY_CA_CONFIGMAP
              value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
            {{- end }}
            {{- end }}
            {{- if .Values.tvkEnv }}
            - name: TVK_ENV
              value: {{ .Values.tvkEnv }}
            {{- end}}
            {{- if .Values.tvkHelmRepo }}
            - name: TVK_HELM_REPO
              value: {{ .Values.tvkHelmRepo }}
            {{- end }}
            - name: INSTALL_NAMESPACE
              value: {{ .Release.Namespace }}
            - name: REGISTRY
              value: {{ .Values.registry }}
            - name: ADMISSION_MUTATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
            - name: ADMISSION_VALIDATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
            - name: NAMESPACE_VALIDATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
          volumeMounts:
          {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
          - name: proxy-ca-cert
            mountPath: /proxy-certs
            readOnly: true
          {{- end }}
          {{- if .Values.tls.enable }}
          - name: helm-tls-certs
            mountPath: /root/.helm
            readOnly: true
          {{- if .Values.tls.verify }}
          - name: helm-tls-ca
            mountPath: /root/.helm/ca.crt
            readOnly: true
          {{- end }}
          {{- end }}
          - mountPath: /tmp/k8s-webhook-server/serving-certs
            name: webhook-certs
            readOnly: true
          {{- if .Values.securityContext }}
          securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
          {{- end }}
          resources:
            limits:
              cpu: 200m
              memory: 512Mi
            requests:
              cpu: 10m
              memory: 10Mi
      initContainers:
        - name: webhook-init
          image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          {{- if .Values.securityContext }}
          securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
          {{- end }}
          {{- if .Values.proxySettings.PROXY_ENABLED }}
          envFrom:
          - secretRef:
              name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
          {{- end }}
          env:
            {{- if .Values.proxySettings.PROXY_ENABLED }}
            - name: PROXY_SETTINGS_SECRET
              value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
            {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
            - name: PROXY_CA_CONFIGMAP
              value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
            {{- end }}
            {{- end }}
            - name: TVK_ENV
              value: {{ .Values.tvkEnv }}
            - name: TVK_HELM_REPO
              value: {{ .Values.tvkHelmRepo }}
            - name: RELEASE_VERSION
              value: {{ .Chart.AppVersion }}
            - name: ADMISSION_MUTATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
            - name: ADMISSION_VALIDATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
            - name: NAMESPACE_VALIDATION_CONFIG
              value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
            - name: WEBHOOK_SERVICE
              value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
            - name: WEBHOOK_NAMESPACE
              value: {{ .Release.Namespace }}
            - name: SECRET_NAME
              value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
          {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
          volumeMounts:
          - name: proxy-ca-cert
            mountPath: /proxy-certs
            readOnly: true
          {{- end }}
      serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
      {{- if .Values.nodeSelector }}
      nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity:
      {{- toYaml .Values.affinity | nindent 8 }}
      {{- end }}
      volumes:
      {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
      - name: proxy-ca-cert
        configMap:
          name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
      {{- end }}
      {{- if .Values.tls.enable }}
      - name: helm-tls-certs
        secret:
          secretName: {{ .Values.tls.secretName }}
          defaultMode: 0400
      {{- if .Values.tls.verify }}
      - name: helm-tls-ca
        configMap:
          name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
          defaultMode: 0600
      {{- end }}
      {{- end }}
      - name: webhook-certs
        secret:
          defaultMode: 420
          secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs