github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-platform-operator/templates/deployment.yaml (about) 1 # Copyright (C) 2020, 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 apiVersion: apps/v1 4 kind: Deployment 5 metadata: 6 name: {{ .Values.name }} 7 namespace: {{ .Values.namespace }} 8 labels: 9 app: {{ .Values.name }} 10 app.kubernetes.io/version: {{ .Chart.Version }} 11 spec: 12 replicas: 1 13 strategy: 14 type: Recreate 15 selector: 16 matchLabels: 17 app: {{ .Values.name }} 18 template: 19 metadata: 20 labels: 21 app: {{ .Values.name }} 22 app.kubernetes.io/version: {{ .Chart.Version }} 23 spec: 24 terminationGracePeriodSeconds: 0 25 initContainers: 26 - name: webhookswait 27 imagePullPolicy: {{ .Values.imagePullPolicy }} 28 image: {{ .Values.image }} 29 command: [ 'sh', '-c', "/verrazzano/platform-operator/scripts/wait4webhook.sh" ] 30 securityContext: 31 privileged: false 32 allowPrivilegeEscalation: false 33 capabilities: 34 drop: 35 - ALL 36 {{- if .Values.affinity }} 37 affinity: {{ toYaml .Values.affinity | nindent 8 }} 38 {{- end }} 39 containers: 40 - name: {{ .Values.name }} 41 imagePullPolicy: {{ .Values.imagePullPolicy }} 42 image: {{ .Values.image }} 43 ports: 44 - containerPort: 9100 45 name: http-metric 46 protocol: TCP 47 args: 48 - --zap-log-level=info 49 - --health-check-period=60 50 env: 51 - name: VERRAZZANO_KUBECONFIG 52 value: /home/verrazzano/kubeconfig 53 - name: KUBECONFIG 54 value: /home/verrazzano/kubeconfig 55 {{- if .Values.global.registry }} 56 - name: REGISTRY 57 value: {{ .Values.global.registry }} 58 {{- end }} 59 {{- if .Values.global.repository }} 60 - name: IMAGE_REPO 61 value: {{ .Values.global.repository }} 62 {{- end }} 63 {{- if .Values.global.appOperatorImage }} 64 - name: APP_OPERATOR_IMAGE 65 value: {{ .Values.global.appOperatorImage }} 66 {{- end }} 67 {{- if .Values.global.clusterOperatorImage }} 68 - name: CLUSTER_OPERATOR_IMAGE 69 value: {{ .Values.global.clusterOperatorImage }} 70 {{- end }} 71 {{- if .Values.global.authProxyImage }} 72 - name: AUTH_PROXY_IMAGE 73 value: {{ .Values.global.authProxyImage }} 74 {{- end }} 75 - name: GOPROXY 76 value: direct 77 - name: GITHUB_TOKEN 78 valueFrom: 79 secretKeyRef: 80 name: verrazzano-github-token 81 key: GITHUB_TOKEN 82 optional: true 83 resources: 84 requests: 85 memory: 72Mi 86 securityContext: 87 privileged: false 88 allowPrivilegeEscalation: false 89 capabilities: 90 drop: 91 - ALL 92 serviceAccountName: {{ .Values.name }} 93 securityContext: 94 runAsUser: 1000 95 runAsGroup: 999 96 runAsNonRoot: true 97 seccompProfile: 98 type: RuntimeDefault 99 --- 100 apiVersion: apps/v1 101 kind: Deployment 102 metadata: 103 name: {{ .Values.name }}-webhook 104 namespace: {{ .Values.namespace }} 105 labels: 106 app: {{ .Values.name }}-webhook 107 app.kubernetes.io/version: {{ .Chart.Version }} 108 spec: 109 replicas: 1 110 strategy: 111 type: RollingUpdate 112 rollingUpdate: 113 maxUnavailable: 0 114 maxSurge: 1 115 selector: 116 matchLabels: 117 app: {{ .Values.name }}-webhook 118 template: 119 metadata: 120 labels: 121 app: {{ .Values.name }}-webhook 122 app.kubernetes.io/version: {{ .Chart.Version }} 123 spec: 124 terminationGracePeriodSeconds: 0 125 {{- if .Values.webhookAffinity }} 126 affinity: {{ toYaml .Values.webhookAffinity | nindent 8 }} 127 {{- end }} 128 initContainers: 129 - name: initwebhooks 130 imagePullPolicy: {{ .Values.imagePullPolicy }} 131 image: {{ .Values.image }} 132 args: 133 - --zap-log-level=info 134 - --run-webhook-init=true 135 resources: 136 requests: 137 memory: 72Mi 138 volumeMounts: 139 - name: webhook-certs 140 mountPath: /etc/webhook/certs 141 securityContext: 142 privileged: false 143 allowPrivilegeEscalation: false 144 capabilities: 145 drop: 146 - ALL 147 containers: 148 - name: webhook-run 149 image: {{ .Values.image }} 150 imagePullPolicy: {{ .Values.imagePullPolicy }} 151 args: 152 - --zap-log-level=info 153 - --run-webhooks=true 154 - --resource-validation={{ .Values.webhooks.resourceValidation }} 155 volumeMounts: 156 - name: webhook-certs 157 mountPath: /etc/webhook/certs 158 resources: 159 requests: 160 memory: 72Mi 161 ports: 162 - containerPort: 9100 163 name: http-metric 164 protocol: TCP 165 - containerPort: 9443 166 name: webhook 167 protocol: TCP 168 securityContext: 169 privileged: false 170 allowPrivilegeEscalation: false 171 capabilities: 172 drop: 173 - ALL 174 volumes: 175 - name: webhook-certs 176 emptyDir: {} 177 serviceAccountName: {{ .Values.name }} 178 securityContext: 179 runAsUser: 1000 180 runAsGroup: 999 181 runAsNonRoot: true 182 seccompProfile: 183 type: RuntimeDefault