github.com/operator-framework/operator-lifecycle-manager@v0.30.0/deploy/chart/templates/0000_50_olm_07-olm-operator.deployment.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 name: olm-operator 5 namespace: {{ .Values.namespace }} 6 labels: 7 app: olm-operator 8 spec: 9 strategy: 10 type: Recreate 11 replicas: {{ .Values.olm.replicaCount }} 12 selector: 13 matchLabels: 14 app: olm-operator 15 template: 16 metadata: 17 labels: 18 app: olm-operator 19 spec: 20 securityContext: 21 runAsNonRoot: true 22 seccompProfile: 23 type: RuntimeDefault 24 serviceAccountName: olm-operator-serviceaccount 25 {{- if or .Values.olm.tlsSecret .Values.olm.clientCASecret }} 26 volumes: 27 {{- end }} 28 {{- if .Values.olm.tlsSecret }} 29 - name: srv-cert 30 secret: 31 secretName: {{ .Values.olm.tlsSecret }} 32 {{- end }} 33 {{- if .Values.olm.clientCASecret }} 34 - name: profile-collector-cert 35 secret: 36 secretName: {{ .Values.olm.clientCASecret }} 37 {{- end }} 38 containers: 39 - name: olm-operator 40 securityContext: 41 allowPrivilegeEscalation: false 42 capabilities: 43 drop: [ "ALL" ] 44 {{- if or .Values.olm.tlsSecret .Values.olm.clientCASecret }} 45 volumeMounts: 46 {{- end }} 47 {{- if .Values.olm.tlsSecret }} 48 - name: srv-cert 49 mountPath: "/srv-cert" 50 readOnly: true 51 {{- end }} 52 {{- if .Values.olm.clientCASecret }} 53 - name: profile-collector-cert 54 mountPath: "/profile-collector-cert" 55 readOnly: true 56 {{- end }} 57 command: 58 - /bin/olm 59 args: 60 - --namespace 61 - $(OPERATOR_NAMESPACE) 62 {{- if .Values.watchedNamespaces }} 63 - --watchedNamespaces 64 - {{ .Values.watchedNamespaces }} 65 {{- end }} 66 {{- if .Values.olm.commandArgs }} 67 - {{ .Values.olm.commandArgs }} 68 {{- end }} 69 {{- if .Values.debug }} 70 - --debug 71 {{- end }} 72 {{- if .Values.writeStatusName }} 73 - --writeStatusName 74 - {{ .Values.writeStatusName }} 75 {{- end }} 76 {{- if .Values.writePackageServerStatusName }} 77 - --writePackageServerStatusName 78 - {{ .Values.writePackageServerStatusName }} 79 {{- end }} 80 {{- if .Values.olm.tlsSecret }} 81 - --tls-cert 82 - /srv-cert/tls.crt 83 - --tls-key 84 - /srv-cert/tls.key 85 {{- end }} 86 {{- if .Values.olm.clientCASecret }} 87 - --client-ca 88 - /profile-collector-cert/tls.crt 89 {{- end }} 90 image: {{ .Values.olm.image.ref }} 91 imagePullPolicy: {{ .Values.olm.image.pullPolicy }} 92 ports: 93 - containerPort: {{ .Values.olm.service.internalPort }} 94 name: metrics 95 livenessProbe: 96 httpGet: 97 path: /healthz 98 port: {{ .Values.olm.service.internalPort }} 99 scheme: {{ if .Values.olm.tlsSecret }}HTTPS{{ else }}HTTP{{end}} 100 readinessProbe: 101 httpGet: 102 path: /healthz 103 port: {{ .Values.olm.service.internalPort }} 104 scheme: {{ if .Values.olm.tlsSecret }}HTTPS{{ else }}HTTP{{end}} 105 terminationMessagePolicy: FallbackToLogsOnError 106 env: 107 - name: OPERATOR_NAMESPACE 108 valueFrom: 109 fieldRef: 110 fieldPath: metadata.namespace 111 - name: OPERATOR_NAME 112 value: olm-operator 113 {{- if .Values.debug }} 114 - name: CI 115 value: "true" 116 {{- end }} 117 {{- if .Values.olm.resources }} 118 resources: 119 {{ toYaml .Values.olm.resources | indent 12 }} 120 {{- end}} 121 {{- if .Values.olm.nodeSelector }} 122 nodeSelector: 123 {{ toYaml .Values.olm.nodeSelector | indent 8 }} 124 {{- end }} 125 {{- if .Values.olm.tolerations }} 126 tolerations: 127 {{ toYaml .Values.olm.tolerations | indent 6 }} 128 {{- end }}