helm/korifi/controllers/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: korifi-controllers
name: korifi-controllers-controller-manager
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ .Values.controllers.replicas | default 1}}
selector:
matchLabels:
app: korifi-controllers
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
prometheus.io/path: /metrics
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
checksum/config: {{ tpl ($.Files.Get "controllers/configmap.yaml") $ | sha256sum }}
labels:
app: korifi-controllers
spec:
containers:
- name: manager
env:
- name: CONTROLLERSCONFIG
value: /etc/korifi-controllers-config
image: {{ .Values.controllers.image }}
{{- if .Values.debug }}
command:
- "/dlv"
args:
- "--listen=:40000"
- "--headless=true"
- "--api-version=2"
- "exec"
- "/manager"
- "--continue"
- "--accept-multiclient"
- "--"
- "--health-probe-bind-address=:8081"
- "--leader-elect"
{{- else }}
args:
- --health-probe-bind-address=:8081
- --leader-elect
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 8080
name: metrics
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
{{- include "korifi.resources" . | indent 8 }}
{{- include "korifi.securityContext" . | indent 8 }}
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- mountPath: /etc/korifi-controllers-config
name: korifi-controllers-config
readOnly: true
{{- include "korifi.podSecurityContext" . | indent 6 }}
serviceAccountName: korifi-controllers-controller-manager
{{- if .Values.controllers.nodeSelector }}
nodeSelector:
{{ toYaml .Values.controllers.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controllers.tolerations }}
tolerations:
{{- toYaml .Values.controllers.tolerations | nindent 8 }}
{{- end }}
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: controllers-webhook-server-cert
- configMap:
name: korifi-controllers-config
name: korifi-controllers-config