github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/prometheus-community/prometheus-adapter/templates/deployment.yaml (about)

     1  apiVersion: apps/v1
     2  kind: Deployment
     3  metadata:
     4    {{- if .Values.customAnnotations }}
     5    annotations:
     6    {{- toYaml .Values.customAnnotations | nindent 4 }}
     7    {{- end }}
     8    labels:
     9      {{- include "k8s-prometheus-adapter.labels" . | indent 4 }}
    10    name: {{ template "k8s-prometheus-adapter.fullname" . }}
    11    namespace: {{ include "k8s-prometheus-adapter.namespace" . }}
    12  spec:
    13    replicas: {{ .Values.replicas }}
    14    strategy: {{ toYaml .Values.strategy | nindent 4 }}
    15    selector:
    16      matchLabels:
    17        {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }}
    18    template:
    19      metadata:
    20        {{- if .Values.customAnnotations }}
    21        annotations:
    22        {{- toYaml .Values.customAnnotations | nindent 8 }}
    23        {{- end }}
    24        labels:
    25          {{- include "k8s-prometheus-adapter.labels" . | indent 8 }}
    26          {{- with .Values.podLabels }}
    27          {{- toYaml . | trim | nindent 8 }}
    28          {{- end }}
    29        name: {{ template "k8s-prometheus-adapter.name" . }}
    30        annotations:
    31          checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
    32          {{- with .Values.podAnnotations }}
    33          {{- toYaml . | trim | nindent 8 }}
    34          {{- end }}
    35      spec:
    36        serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }}
    37        {{- if .Values.hostNetwork.enabled }}
    38        hostNetwork: true
    39        {{- end }}
    40        {{- if .Values.dnsPolicy }}
    41        dnsPolicy: {{ .Values.dnsPolicy }}
    42        {{- end}}
    43        containers:
    44        - name: {{ .Chart.Name }}
    45          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
    46          imagePullPolicy: {{ .Values.image.pullPolicy }}
    47          args:
    48          - /adapter
    49          - --secure-port={{ .Values.listenPort }}
    50          {{- if or .Values.tls.enable .Values.certManager.enabled }}
    51          - --tls-cert-file=/var/run/serving-cert/tls.crt
    52          - --tls-private-key-file=/var/run/serving-cert/tls.key
    53          {{- end }}
    54          - --cert-dir=/tmp/cert
    55          - --logtostderr=true
    56          - --prometheus-url={{ tpl .Values.prometheus.url . }}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }}
    57          - --metrics-relist-interval={{ .Values.metricsRelistInterval }}
    58          - --v={{ .Values.logLevel }}
    59          - --config=/etc/adapter/config.yaml
    60          {{- if .Values.extraArguments }}
    61          {{- toYaml .Values.extraArguments | trim | nindent 8 }}
    62          {{- end }}
    63          ports:
    64          - containerPort: {{ .Values.listenPort }}
    65            name: https
    66          livenessProbe:
    67            httpGet:
    68              path: /healthz
    69              port: https
    70              scheme: HTTPS
    71            initialDelaySeconds: 30
    72            timeoutSeconds: 5
    73          readinessProbe:
    74            httpGet:
    75              path: /healthz
    76              port: https
    77              scheme: HTTPS
    78            initialDelaySeconds: 30
    79            timeoutSeconds: 5
    80          {{- if .Values.resources }}
    81          resources:
    82            {{- toYaml .Values.resources | nindent 10 }}
    83          {{- end }}
    84          {{- with .Values.dnsConfig }}
    85          dnsConfig:
    86          {{ toYaml . | indent 8 }}
    87          {{- end }}
    88          securityContext:
    89            allowPrivilegeEscalation: false
    90            capabilities:
    91              drop: ["ALL"]
    92            readOnlyRootFilesystem: true
    93            runAsNonRoot: true
    94            privileged: false
    95            {{- if .Values.runAsUser }}
    96            runAsUser: {{ .Values.runAsUser }}
    97            {{- end }}
    98          volumeMounts:
    99          {{- if .Values.extraVolumeMounts }}
   100          {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }}
   101          {{ end }}
   102          - mountPath: /etc/adapter/
   103            name: config
   104            readOnly: true
   105          - mountPath: /tmp
   106            name: tmp
   107          {{- if or .Values.tls.enable .Values.certManager.enabled }}
   108          - mountPath: /var/run/serving-cert
   109            name: volume-serving-cert
   110            readOnly: true
   111          {{- end }}
   112        nodeSelector:
   113          {{- toYaml .Values.nodeSelector | nindent 8 }}
   114        affinity:
   115          {{- toYaml .Values.affinity | nindent 8 }}
   116        topologySpreadConstraints:
   117          {{- toYaml .Values.topologySpreadConstraints | nindent 8 }}
   118        priorityClassName: {{ .Values.priorityClassName }}
   119        {{- if .Values.podSecurityContext }}
   120        securityContext:
   121          {{- toYaml .Values.podSecurityContext | nindent 8 }}
   122        {{- end }}
   123        tolerations:
   124          {{- toYaml .Values.tolerations | nindent 8 }}
   125        {{- if .Values.image.pullSecrets }}
   126        imagePullSecrets:
   127          {{- range .Values.image.pullSecrets }}
   128          - name: {{ . }}
   129          {{- end }}
   130        {{- end }}
   131        volumes:
   132        {{- if .Values.extraVolumes  }}
   133        {{ toYaml .Values.extraVolumes | trim | nindent 6 }}
   134        {{ end }}
   135        - name: config
   136          configMap:
   137            name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }}
   138        - name: tmp
   139          emptyDir: {}
   140        {{- if or .Values.tls.enable .Values.certManager.enabled }}
   141        - name: volume-serving-cert
   142          secret:
   143            secretName: {{ template "k8s-prometheus-adapter.fullname" . }}
   144        {{- end }}