helm/korifi/controllers/deployment.yaml from cloudfoundry/cf-k8s-controllers

helm/korifi/controllers/deployment.yaml
Summary

Maintainability

Test Coverage

Issues
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: korifi-controllers
  name: korifi-controllers-controller-manager
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.controllers.replicas | default 1}}
  selector:
    matchLabels:
      app: korifi-controllers
  template:
    metadata:
      annotations:
        kubectl.kubernetes.io/default-container: manager
        prometheus.io/path: /metrics
        prometheus.io/port: "8080"
        prometheus.io/scrape: "true"
        checksum/config: {{ tpl ($.Files.Get "controllers/configmap.yaml") $ | sha256sum }}
      labels:
        app: korifi-controllers
    spec:
      containers:
      - name: manager
        env:
        - name: CONTROLLERSCONFIG
          value: /etc/korifi-controllers-config
        image: {{ .Values.controllers.image }}
{{- if .Values.debug }}
        command:
        - "/dlv"
        args:
        - "--listen=:40000"
        - "--headless=true"
        - "--api-version=2"
        - "exec"
        - "/manager"
        - "--continue"
        - "--accept-multiclient"
        - "--"
        - "--health-probe-bind-address=:8081"
        - "--leader-elect"
{{- else }}
        args:
        - --health-probe-bind-address=:8081
        - --leader-elect
{{- end }}
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 8080
          name: metrics
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        {{- include "korifi.resources" . | indent 8 }}
        {{- include "korifi.securityContext" . | indent 8 }}
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
        - mountPath: /etc/korifi-controllers-config
          name: korifi-controllers-config
          readOnly: true
      {{- include "korifi.podSecurityContext" . | indent 6 }}
      serviceAccountName: korifi-controllers-controller-manager
{{- if .Values.controllers.nodeSelector }}
      nodeSelector:
      {{ toYaml .Values.controllers.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.controllers.tolerations }}
      tolerations:
      {{- toYaml .Values.controllers.tolerations | nindent 8 }}
{{- end }}
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: controllers-webhook-server-cert
      - configMap:
          name: korifi-controllers-config
        name: korifi-controllers-config