andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-partner-charts/charts/trilio/k8s-triliovault-operator/2.7.0/templates/deployment.yaml

203 lines
8.1 KiB
YAML
Raw Blame History

apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
selector:
matchLabels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
hostNetwork: {{ .Values.podSpec.hostNetwork }}
hostIPC: {{ .Values.podSpec.hostIPC }}
hostPID: {{ .Values.podSpec.hostPID }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
{{- end }}
containers:
- name: k8s-triliovault-operator
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
{{- if .Values.tvkEnv }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
{{- end}}
{{- if .Values.tvkHelmRepo }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
{{- end }}
- name: INSTALL_NAMESPACE
value: {{ .Release.Namespace }}
- name: REGISTRY
value: {{ .Values.registry }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
livenessProbe:
httpGet:
path: /healthz
port: 8081
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: 8081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
mountPath: /root/.helm
readOnly: true
{{- if .Values.tls.verify }}
- name: helm-tls-ca
mountPath: /root/.helm/ca.crt
readOnly: true
{{- end }}
{{- end }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 10Mi
initContainers:
- name: webhook-init
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: RELEASE_VERSION
value: {{ .Chart.AppVersion }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
- name: WEBHOOK_SERVICE
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
- name: WEBHOOK_NAMESPACE
value: {{ .Release.Namespace }}
- name: SECRET_NAME
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
volumeMounts:
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
{{- if .Values.nodeSelector }}
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
configMap:
name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
secret:
secretName: {{ .Values.tls.secretName }}
defaultMode: 0400
{{- if .Values.tls.verify }}
- name: helm-tls-ca
configMap:
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
defaultMode: 0600
{{- end }}
{{- end }}
- name: webhook-certs
secret:
defaultMode: 420
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
Reference in New Issue View Git Blame Copy Permalink