github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/runtime-reconciler-deployment.yaml

github.com/kyma-project/kyma-environment-broker@v0.0.1/resources/kcp/charts/kyma-environment-broker/templates/runtime-reconciler-deployment.yaml (about)

     1  {{ if .Values.runtimeReconciler.enabled }}
     2  apiVersion: apps/v1
     3  kind: Deployment
     4  metadata:
     5    name: runtime-reconciler
     6    namespace: kcp-system
     7    labels:
     8      app: runtime-reconciler
     9    annotations:
    10      argocd.argoproj.io/sync-options: Prune=false
    11  spec:
    12    replicas: 1
    13    selector:
    14      matchLabels:
    15        app: runtime-reconciler
    16    template:
    17      metadata:
    18        labels:
    19          app: runtime-reconciler
    20      spec:
    21        serviceAccountName: {{ .Values.global.kyma_environment_broker.serviceAccountName }}
    22        {{- with .Values.deployment.securityContext }}
    23        securityContext:
    24          {{ toYaml . | nindent 12 }}
    25        {{- end }}
    26        containers:
    27          - name: runtime-reconciler
    28            image: "{{ .Values.global.images.container_registry.path }}/{{ .Values.global.images.kyma_environment_broker.dir }}kyma-environment-runtime-reconciler:{{ .Values.global.images.kyma_environment_runtime_reconciler.version }}"
    29            imagePullPolicy: Always
    30            ports:
    31            - containerPort: 80
    32            env:
    33              - name: RUNTIME_RECONCILER_DRY_RUN
    34                value: "{{ .Values.runtimeReconciler.dryRun }}"
    35              - name: RUNTIME_RECONCILER_JOB_ENABLED
    36                value: "{{ .Values.runtimeReconciler.jobEnabled }}"
    37              - name: RUNTIME_RECONCILER_JOB_INTERVAL
    38                value: "{{ .Values.runtimeReconciler.jobInterval }}"
    39              - name: RUNTIME_RECONCILER_JOB_RECONCILIATION_DELAY
    40                value: "{{ .Values.runtimeReconciler.jobReconciliationDelay }}"
    41              - name: RUNTIME_RECONCILER_WATCHER_ENABLED
    42                value: "{{ .Values.runtimeReconciler.watcherEnabled }}"
    43              - name: RUNTIME_RECONCILER_BTP_MANAGER_SECRET_WATCHER_ADDR
    44                value: "{{ .Values.runtimeReconciler.watcherAddress }}"
    45              - name: RUNTIME_RECONCILER_BTP_MANAGER_SECRET_WATCHER_COMPONENT_NAME
    46                value: "{{ .Values.runtimeReconciler.watcherName }}"
    47              - name: RUNTIME_RECONCILER_DATABASE_SECRET_KEY
    48                valueFrom:
    49                  secretKeyRef:
    50                    name: kcp-storage-client-secret
    51                    key: secretKey
    52                    optional: true
    53              - name: RUNTIME_RECONCILER_DATABASE_USER
    54                valueFrom:
    55                  secretKeyRef:
    56                    name: kcp-postgresql
    57                    key: postgresql-broker-username
    58              - name: RUNTIME_RECONCILER_DATABASE_PASSWORD
    59                valueFrom:
    60                  secretKeyRef:
    61                    name: kcp-postgresql
    62                    key: postgresql-broker-password
    63              - name: RUNTIME_RECONCILER_DATABASE_HOST
    64                valueFrom:
    65                  secretKeyRef:
    66                    name: kcp-postgresql
    67                    key: postgresql-serviceName
    68              - name: RUNTIME_RECONCILER_DATABASE_PORT
    69                valueFrom:
    70                  secretKeyRef:
    71                    name: kcp-postgresql
    72                    key: postgresql-servicePort
    73              - name: RUNTIME_RECONCILER_DATABASE_NAME
    74                valueFrom:
    75                  secretKeyRef:
    76                    name: kcp-postgresql
    77                    key: postgresql-broker-db-name
    78              - name: RUNTIME_RECONCILER_DATABASE_SSLMODE
    79                valueFrom:
    80                  secretKeyRef:
    81                    name: kcp-postgresql
    82                    key: postgresql-sslMode
    83              - name: RUNTIME_RECONCILER_DATABASE_SSLROOTCERT
    84                value: /secrets/cloudsql-sslrootcert/server-ca.pem
    85              - name: RUNTIME_RECONCILER_PROVISIONER_URL
    86                value: {{ .Values.provisioner.URL }}
    87          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
    88            volumeMounts:
    89                - name: cloudsql-sslrootcert
    90                  mountPath: /secrets/cloudsql-sslrootcert
    91                  readOnly: true
    92          {{- end}}
    93          {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true)}}
    94          - name: cloudsql-proxy
    95            image: {{ .Values.global.images.cloudsql_proxy_image }}
    96            {{- if .Values.global.database.cloudsqlproxy.workloadIdentity.enabled }}
    97            command: ["/cloud_sql_proxy",
    98                      "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432"]
    99            {{- else }}
   100            command: ["/cloud_sql_proxy",
   101                      "-instances={{ .Values.global.database.managedGCP.instanceConnectionName }}=tcp:5432",
   102                      "-credential_file=/secrets/cloudsql-instance-credentials/credentials.json"]
   103            volumeMounts:
   104              - name: cloudsql-instance-credentials
   105                mountPath: /secrets/cloudsql-instance-credentials
   106                readOnly: true
   107            {{- end }}
   108            {{- with .Values.deployment.securityContext }}
   109            securityContext:
   110              {{ toYaml . | nindent 16 }}
   111            {{- end }}
   112          {{- end}}
   113        {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled true) (eq .Values.global.database.cloudsqlproxy.workloadIdentity.enabled false)}}
   114        volumes:
   115          - name: cloudsql-instance-credentials
   116            secret:
   117              secretName: cloudsql-instance-credentials
   118        {{- end}}
   119        {{- if and (eq .Values.global.database.embedded.enabled false) (eq .Values.global.database.cloudsqlproxy.enabled false)}}
   120        volumes:
   121          - name: cloudsql-sslrootcert
   122            secret:
   123              secretName: kcp-postgresql
   124              items: 
   125                - key: postgresql-sslRootCert
   126                  path: server-ca.pem
   127              optional: true
   128        {{- end}}
   129  {{ end }}