examples/operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "operator.fullname" . }}-controller-manager
labels:
control-plane: controller-manager
{{- include "operator.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.controllerManager.replicas }}
selector:
matchLabels:
control-plane: controller-manager
{{- include "operator.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
control-plane: controller-manager
{{- include "operator.selectorLabels" . | nindent 8 }}
spec:
containers:
- args: {{- toYaml .Values.controllerManager.kubeRbacProxy.args | nindent 8 }}
env:
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
image: {{ .Values.controllerManager.kubeRbacProxy.image.repository }}:{{ .Values.controllerManager.kubeRbacProxy.image.tag
| default .Chart.AppVersion }}
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
resources: {}
- args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }}
command:
- /manager
env:
- name: VAR1
valueFrom:
secretKeyRef:
key: VAR1
name: {{ include "operator.fullname" . }}-secret-vars
- name: VAR2
value: {{ quote .Values.controllerManager.manager.env.var2 }}
- name: VAR3_MY_ENV
value: {{ quote .Values.controllerManager.manager.env.var3MyEnv }}
- name: VAR4
valueFrom:
configMapKeyRef:
key: VAR4
name: {{ include "operator.fullname" . }}-configmap-vars
- name: VAR5
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: VAR6
valueFrom:
resourceFieldRef:
divisor: "0"
resource: limits.cpu
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
| default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.controllerManager.manager.imagePullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10
}}
securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext
| nindent 10 }}
volumeMounts:
- mountPath: /controller_manager_config.yaml
name: manager-config
subPath: controller_manager_config.yaml
- mountPath: /my.ca
name: secret-volume
imagePullSecrets:
- name: {{ include "operator.fullname" . }}-secret-registry-credentials
nodeSelector: {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
securityContext:
runAsNonRoot: true
serviceAccountName: {{ include "operator.fullname" . }}-controller-manager
terminationGracePeriodSeconds: 10
topologySpreadConstraints:
- matchLabelKeys:
- app
- pod-template-hash
maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
volumes:
- configMap:
name: {{ include "operator.fullname" . }}-manager-config
name: manager-config
- name: secret-volume
secret:
secretName: {{ include "operator.fullname" . }}-secret-ca