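# Source: github.com/looshlee/beatles@v0.0.0-20220727174639-742810ab631c/install/kubernetes/cilium/charts/operator/templates/deployment.yaml
#
# Helm template for the cilium-operator Deployment: a single replica that runs
# on the node's network namespace (hostNetwork) under the `cilium-operator`
# service account.
#
# NOTE(review): this pod spec uses hostNetwork, a hostPort (when Prometheus is
# enabled) and a hostPath volume (when kubeConfigPath is set). The Kubernetes
# Pod Security Standards "baseline" and "restricted" levels reject all three,
# so the target namespace has to admit privileged pods. No securityContext and
# no resource requests/limits are set in this template; confirm whether the
# operator can run with allowPrivilegeEscalation disabled and dropped
# capabilities before adding them.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    io.cilium/app: operator
    name: cilium-operator
  name: cilium-operator
  # Quoted so that an all-digit or boolean-looking namespace name is still
  # rendered as a string.
  namespace: {{ .Release.Namespace | quote }}
spec:
  replicas: 1
  selector:
    matchLabels:
      io.cilium/app: operator
      name: cilium-operator
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      # Scrape annotations are emitted only when Prometheus is enabled and no
      # ServiceMonitor is used; otherwise `annotations` renders as null.
      annotations:
{{- if and .Values.global.prometheus.enabled (not .Values.global.prometheus.serviceMonitor.enabled) }}
        prometheus.io/port: "6942"
        prometheus.io/scrape: "true"
{{- end }}
      labels:
        io.cilium/app: operator
        name: cilium-operator
    spec:
      containers:
      - args:
        # $(VAR) references are expanded by Kubernetes from the env entries
        # below before the container starts.
        - --debug=$(CILIUM_DEBUG)
        - --identity-allocation-mode=$(CILIUM_IDENTITY_ALLOCATION_MODE)
{{- if .Values.global.prometheus.enabled }}
        - --enable-metrics
{{- end }}
{{- if .Values.global.kubeConfigPath }}
        # The whole argument is quoted so a path containing YAML-significant
        # characters cannot be truncated or re-typed by the parser.
        - {{ printf "--k8s-kubeconfig-path=%s" .Values.global.kubeConfigPath | quote }}
{{- end }}
        command:
        - cilium-operator
        env:
        # Downward API: the pod's own namespace and node name.
        - name: CILIUM_K8S_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: K8S_NODE_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: spec.nodeName
        # Settings read from the `cilium-config` ConfigMap. Every reference is
        # optional, so a missing key or ConfigMap leaves the variable unset
        # instead of blocking container start.
        - name: CILIUM_DEBUG
          valueFrom:
            configMapKeyRef:
              key: debug
              name: cilium-config
              optional: true
        - name: CILIUM_CLUSTER_NAME
          valueFrom:
            configMapKeyRef:
              key: cluster-name
              name: cilium-config
              optional: true
        - name: CILIUM_CLUSTER_ID
          valueFrom:
            configMapKeyRef:
              key: cluster-id
              name: cilium-config
              optional: true
        - name: CILIUM_IPAM
          valueFrom:
            configMapKeyRef:
              key: ipam
              name: cilium-config
              optional: true
        - name: CILIUM_DISABLE_ENDPOINT_CRD
          valueFrom:
            configMapKeyRef:
              key: disable-endpoint-crd
              name: cilium-config
              optional: true
        - name: CILIUM_KVSTORE
          valueFrom:
            configMapKeyRef:
              key: kvstore
              name: cilium-config
              optional: true
        - name: CILIUM_KVSTORE_OPT
          valueFrom:
            configMapKeyRef:
              key: kvstore-opt
              name: cilium-config
              optional: true
        # AWS credentials come from the optional `cilium-aws` Secret and are
        # exposed as environment variables.
        # NOTE(review): these are long-lived static keys visible to anyone who
        # can read the Secret or exec into the pod. Limit RBAC on `cilium-aws`
        # and prefer a node/instance role or workload identity where the
        # platform offers one.
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              key: AWS_ACCESS_KEY_ID
              name: cilium-aws
              optional: true
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              key: AWS_SECRET_ACCESS_KEY
              name: cilium-aws
              optional: true
        - name: AWS_DEFAULT_REGION
          valueFrom:
            secretKeyRef:
              key: AWS_DEFAULT_REGION
              name: cilium-aws
              optional: true
        - name: CILIUM_IDENTITY_ALLOCATION_MODE
          valueFrom:
            configMapKeyRef:
              key: identity-allocation-mode
              name: cilium-config
              optional: true
{{- if .Values.global.k8sServiceHost }}
        # Explicit API server address; replaces the value Kubernetes would
        # inject for in-cluster clients.
        - name: KUBERNETES_SERVICE_HOST
          value: {{ .Values.global.k8sServiceHost | quote }}
{{- end }}
{{- if .Values.global.k8sServicePort }}
        - name: KUBERNETES_SERVICE_PORT
          value: {{ .Values.global.k8sServicePort | quote }}
{{- end }}
{{- if contains "/" .Values.image }}
        # An image value that contains "/" is used verbatim as a full
        # reference; otherwise registry, name and tag are combined.
        image: "{{ .Values.image }}"
{{- else }}
        image: "{{ .Values.global.registry }}/{{ .Values.image }}:{{ .Values.global.tag }}"
{{- end }}
        imagePullPolicy: {{ .Values.global.pullPolicy | quote }}
        name: cilium-operator
{{- if .Values.global.prometheus.enabled }}
        ports:
        # With hostNetwork the pod shares the node's network namespace, and
        # Kubernetes requires hostPort to equal containerPort.
        # NOTE(review): the metrics port is then reachable on the node itself;
        # confirm node firewalling or network policy covers 6942.
        - containerPort: 6942
          hostPort: 6942
          name: prometheus
          protocol: TCP
{{- end }}
        livenessProbe:
          httpGet:
            # The kubelet probes the loopback address of the node, which
            # reaches the operator only because the pod uses hostNetwork.
{{- if .Values.global.ipv4.enabled }}
            host: '127.0.0.1'
{{- else }}
            host: '[::1]'
{{- end }}
            path: /healthz
            port: 9234
            scheme: HTTP
          initialDelaySeconds: 60
          periodSeconds: 10
          timeoutSeconds: 3
{{- if or .Values.global.etcd.enabled .Values.global.kubeConfigPath }}
        # The key is emitted only when at least one mount follows; a bare
        # `volumeMounts:` would render as null.
        volumeMounts:
{{- end }}
{{- if .Values.global.etcd.enabled }}
        - mountPath: /var/lib/etcd-config
          name: etcd-config-path
          readOnly: true
{{- if or .Values.global.etcd.ssl .Values.global.etcd.managed }}
        - mountPath: /var/lib/etcd-secrets
          name: etcd-secrets
          readOnly: true
{{- end }}
{{- end }}
{{- if .Values.global.kubeConfigPath }}
        - mountPath: {{ .Values.global.kubeConfigPath | quote }}
          name: kube-config
          readOnly: true
{{- end }}

      hostNetwork: true
{{- if .Values.global.etcd.managed }}
      # In managed etcd mode, Cilium must be able to resolve the DNS name of
      # the etcd service
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
      restartPolicy: Always
      # `serviceAccount` is the deprecated alias of `serviceAccountName`; both
      # are set to the same value.
      serviceAccount: cilium-operator
      serviceAccountName: cilium-operator
{{- if or .Values.global.etcd.enabled .Values.global.kubeConfigPath }}
      volumes:
{{- end }}
{{- if .Values.global.etcd.enabled }}
      # To read the etcd config stored in config maps
      # (defaultMode 420 is decimal for octal 0644)
      - configMap:
          defaultMode: 420
          items:
          - key: etcd-config
            path: etcd.config
          name: cilium-config
        name: etcd-config-path
{{- if or .Values.global.etcd.ssl .Values.global.etcd.managed }}
      # To read the k8s etcd secrets in case the user might want to use TLS.
      # The Secret is optional, so the pod still starts when it is absent.
      # NOTE(review): 0644 makes the mounted key material world-readable
      # inside the container; confirm whether a tighter mode works here.
      - name: etcd-secrets
        secret:
          defaultMode: 420
          optional: true
          secretName: cilium-etcd-secrets
{{- end }}
{{- end }}
{{- if .Values.global.kubeConfigPath }}
      # The kubeconfig is taken from the node's filesystem and mounted
      # read-only into the container.
      # NOTE(review): FileOrCreate creates an empty file on the node when the
      # path does not exist, so a wrong path is not reported at pod start.
      # `type: File` would fail fast instead; confirm before changing.
      - hostPath:
          path: {{ .Values.global.kubeConfigPath | quote }}
          type: FileOrCreate
        name: kube-config
{{- end }}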