github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/templates/dataprotection.yaml (about) 1 {{- if .Values.dataProtection.enabled }} 2 apiVersion: apps/v1 3 kind: Deployment 4 metadata: 5 name: {{ include "kubeblocks.fullname" . }}-dataprotection 6 labels: 7 {{- include "kubeblocks.labels" . | nindent 4 }} 8 app.kubernetes.io/component: "dataprotection" 9 spec: 10 {{- if not .Values.autoscaling.enabled }} 11 replicas: {{ .Values.replicaCount }} 12 {{- end }} 13 selector: 14 matchLabels: 15 {{- include "kubeblocks.selectorLabels" . | nindent 6 }} 16 {{- if .Values.updateStrategy }} 17 strategy: 18 {{ toYaml .Values.updateStrategy | nindent 4 | trim }} 19 {{- end }} 20 template: 21 metadata: 22 {{- with .Values.podAnnotations }} 23 annotations: 24 {{- toYaml . | nindent 8 }} 25 {{- end }} 26 labels: 27 {{- include "kubeblocks.selectorLabels" . | nindent 8 }} 28 spec: 29 priorityClassName: {{ template "kubeblocks.priorityClassName" . }} 30 {{- with .Values.dataProtection.image.imagePullSecrets }} 31 imagePullSecrets: 32 {{- toYaml . | nindent 8 }} 33 {{- end }} 34 serviceAccountName: {{ include "kubeblocks.serviceAccountName" . }} 35 securityContext: 36 {{- toYaml .Values.podSecurityContext | nindent 8 }} 37 initContainers: # only download tools image to local 38 - name: tools 39 image: "{{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.tools.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 40 imagePullPolicy: {{ .Values.image.pullPolicy }} 41 command: 42 - /bin/true 43 containers: 44 - name: dataprotection 45 args: 46 - "--health-probe-bind-address=:8081" 47 - "--metrics-bind-address=:8080" 48 - "--leader-elect" 49 - "--leader-elect-id=abd03fda" 50 - "--zap-devel={{- default "false" .Values.loggerSettings.developmentMode }}" 51 - "--zap-time-encoding={{- default "iso8601" .Values.loggerSettings.timeEncoding }}" 52 {{- with .Values.loggerSettings.level }} 53 - "--zap-log-level={{ . }}" 54 {{- end }} 55 {{- with .Values.loggerSettings.encoder }} 56 - "--zap-encoder={{ . }}" 57 {{- end }} 58 env: 59 - name: CM_NAMESPACE 60 value: {{ .Release.Namespace }} 61 {{- with .Values.affinity }} 62 - name: CM_AFFINITY 63 value: {{ toJson . | quote }} 64 {{- end }} 65 {{- with .Values.nodeSelector }} 66 - name: CM_NODE_SELECTOR 67 value: {{ toJson . | quote }} 68 {{- end }} 69 {{- with .Values.tolerations }} 70 - name: CM_TOLERATIONS 71 value: {{ toJson . | quote }} 72 {{- end }} 73 - name: KUBEBLOCKS_IMAGE_PULL_POLICY 74 value: {{ .Values.dataProtection.image.pullPolicy }} 75 - name: KUBEBLOCKS_TOOLS_IMAGE 76 value: "{{ .Values.image.registry | default "docker.io" }}/{{ .Values.image.tools.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 77 - name: KUBEBLOCKS_SERVICEACCOUNT_NAME 78 value: {{ include "kubeblocks.serviceAccountName" . }} 79 {{- if .Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1" }} 80 - name: VOLUMESNAPSHOT_API_BETA 81 value: "false" 82 {{- else if .Capabilities.APIVersions.Has "snapshot.storage.k8s.io/v1beta1" }} 83 - name: VOLUMESNAPSHOT_API_BETA 84 value: "true" 85 {{- end }} 86 {{- if .Values.admissionWebhooks.enabled }} 87 - name: ENABLE_WEBHOOKS 88 value: "true" 89 {{- end }} 90 - name: DP_ENCRYPTION_KEY 91 valueFrom: 92 secretKeyRef: 93 name: {{ include "kubeblocks.fullname" . }}-secret 94 key: dataProtectionEncryptionKey 95 - name: DATASAFED_IMAGE 96 value: "{{ .Values.dataProtection.image.registry | default "docker.io" }}/{{ .Values.dataProtection.image.datasafed.repository }}:{{ .Values.dataProtection.image.datasafed.tag | default "latest" }}" 97 - name: GC_FREQUENCY_SECONDS 98 value: "{{ .Values.dataProtection.gcFrequencySeconds }}" 99 {{- with .Values.securityContext }} 100 securityContext: 101 {{- toYaml . | nindent 12 }} 102 {{- end }} 103 image: "{{ .Values.dataProtection.image.registry | default "docker.io" }}/{{ .Values.dataProtection.image.repository }}:{{ .Values.dataProtection.image.tag | default .Chart.AppVersion }}" 104 imagePullPolicy: {{ .Values.dataProtection.image.pullPolicy }} 105 ports: 106 - name: webhook-server 107 containerPort: 9443 108 protocol: TCP 109 - name: health 110 containerPort: 8081 111 protocol: TCP 112 - name: metrics 113 containerPort: 8080 114 protocol: TCP 115 livenessProbe: 116 httpGet: 117 path: /healthz 118 port: health 119 initialDelaySeconds: 15 120 periodSeconds: 20 121 readinessProbe: 122 httpGet: 123 path: /readyz 124 port: health 125 initialDelaySeconds: 5 126 periodSeconds: 10 127 resources: 128 {{- toYaml .Values.resources | nindent 12 }} 129 volumeMounts: 130 - mountPath: /etc/kubeblocks 131 name: manager-config 132 {{- if .Values.admissionWebhooks.enabled }} 133 - mountPath: /tmp/k8s-webhook-server/serving-certs 134 name: cert 135 readOnly: true 136 {{- end }} 137 {{- if .Values.hostNetwork }} 138 hostNetwork: {{ .Values.hostNetwork }} 139 {{- end }} 140 {{- if .Values.dnsPolicy }} 141 dnsPolicy: {{ .Values.dnsPolicy }} 142 {{- end }} 143 {{- with .Values.topologySpreadConstraints }} 144 topologySpreadConstraints: 145 {{- toYaml . | nindent 8 }} 146 {{- end }} 147 {{- with .Values.affinity }} 148 affinity: 149 {{- toYaml . | nindent 8 }} 150 {{- end }} 151 {{- with .Values.nodeSelector }} 152 nodeSelector: 153 {{- toYaml . | nindent 8 }} 154 {{- end }} 155 {{- with .Values.tolerations }} 156 tolerations: 157 {{- toYaml . | nindent 8 }} 158 {{- end }} 159 terminationGracePeriodSeconds: 10 160 volumes: 161 - name: manager-config 162 configMap: 163 name: {{ include "kubeblocks.fullname" . }}-manager-config 164 {{- if .Values.admissionWebhooks.enabled }} 165 - name: cert 166 secret: 167 defaultMode: 420 168 secretName: {{ include "kubeblocks.fullname" . }}.{{ .Release.Namespace }}.svc.tls-pair 169 {{- end }} 170 {{- end }}