github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-monitoring-operator/templates/deployment.yaml (about) 1 # Copyright (c) 2022, 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 apiVersion: apps/v1 5 kind: Deployment 6 metadata: 7 name: {{ .Values.monitoringOperator.name }} 8 namespace: {{ .Release.Namespace }} 9 labels: 10 k8s-app: {{ .Values.monitoringOperator.name }} 11 app: {{ .Values.monitoringOperator.name }} 12 spec: 13 replicas: 1 14 selector: 15 matchLabels: 16 k8s-app: {{ .Values.monitoringOperator.name }} 17 template: 18 metadata: 19 annotations: 20 traffic.sidecar.istio.io/excludeOutboundPorts: "443" 21 labels: 22 k8s-app: {{ .Values.monitoringOperator.name }} 23 app: {{ .Values.monitoringOperator.name }} 24 spec: 25 containers: 26 - name: {{ .Values.monitoringOperator.name }} 27 imagePullPolicy: {{ .Values.image.pullPolicy }} 28 image: {{ .Values.monitoringOperator.imageName }}:{{ .Values.monitoringOperator.imageVersion }} 29 ports: 30 - containerPort: 8080 31 name: http 32 protocol: TCP 33 - containerPort: {{ .Values.monitoringOperator.metricsPort }} 34 name: http-metrics 35 protocol: TCP 36 - containerPort: {{ .Values.monitoringOperator.exporterPort }} 37 name: http-prom 38 protocol: TCP 39 resources: 40 requests: 41 memory: {{ .Values.monitoringOperator.RequestMemory }} 42 volumeMounts: 43 - name: cert-volume 44 mountPath: /etc/certs 45 env: 46 - name: ISTIO_PROXY_IMAGE 47 value: {{ .Values.monitoringOperator.istioProxyImage }} 48 - name: GRAFANA_IMAGE 49 value: {{ .Values.monitoringOperator.grafanaImage }} 50 - name: K8S_SIDECAR_IMAGE 51 value: {{ .Values.monitoringOperator.k8sSidecarImage }} 52 - name: ALERT_MANAGER_IMAGE 53 value: {{ .Values.monitoringOperator.alertManagerImage }} 54 - name: OPENSEARCH_IMAGE 55 value: {{ .Values.monitoringOperator.osImage }} 56 - name: OPENSEARCH_INIT_IMAGE 57 value: {{ .Values.monitoringOperator.osInitImage }} 58 - name: OPENSEARCH_DASHBOARDS_IMAGE 59 value: {{ .Values.monitoringOperator.osdImage }} 60 - name: OPENSEARCH_WAIT_TARGET_VERSION 61 value: {{ .Values.monitoringOperator.osWaitTargetVersion }} 62 - name: OIDC_PROXY_IMAGE 63 value: {{ .Values.monitoringOperator.oidcProxyImage }} 64 - name: OIDC_AUTH_ENABLED 65 value: {{ .Values.monitoringOperator.oidcAuthEnabled | quote }} 66 - name: AUTH_PROXY_SERVICE_NAME 67 value: {{ .Values.api.name }} 68 - name: AUTH_PROXY_SERVICE_PORT 69 value: {{ .Values.api.port | quote }} 70 livenessProbe: 71 failureThreshold: 5 72 httpGet: 73 path: /health 74 port: 8080 75 scheme: HTTPS 76 initialDelaySeconds: 3 77 periodSeconds: 10 78 successThreshold: 1 79 timeoutSeconds: 5 80 args: 81 - --zap-log-level=info 82 - --zap-devel=false 83 - --namespace={{ .Release.Namespace }} 84 securityContext: 85 privileged: false 86 allowPrivilegeEscalation: false 87 capabilities: 88 drop: 89 - ALL 90 serviceAccountName: {{ .Values.monitoringOperator.name }} 91 volumes: 92 - name: cert-volume 93 emptyDir: {} 94 securityContext: 95 runAsUser: 1000 96 runAsGroup: 999 97 runAsNonRoot: true 98 seccompProfile: 99 type: RuntimeDefault