istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istio-operator/templates/deployment.yaml

istio.io/istio@v0.0.0-20240520182934-d79c90f27776/manifests/charts/istio-operator/templates/deployment.yaml (about)

     1  apiVersion: apps/v1
     2  kind: Deployment
     3  metadata:
     4    namespace: {{.Release.Namespace}}
     5    name: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
     6  spec:
     7    replicas: 1
     8    revisionHistoryLimit: {{ .Values.deploymentHistory }}
     9    selector:
    10      matchLabels:
    11        name: istio-operator
    12    template:
    13      metadata:
    14        labels:
    15          name: istio-operator
    16          {{- range $key, $val := .Values.podLabels }}
    17          {{ $key }}: "{{ $val }}"
    18          {{- end }}
    19        annotations:
    20          prometheus.io/port: "{{ .Values.operator.monitoring.port }}"
    21          prometheus.io/scrape: "true"
    22      {{- if .Values.podAnnotations }}
    23  {{ toYaml .Values.podAnnotations | indent 8 }}
    24      {{- end }}
    25      spec:
    26        serviceAccountName: istio-operator{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}
    27        containers:
    28          - name: istio-operator
    29            image: {{.Values.hub}}/operator:{{.Values.tag}}
    30            command:
    31            - operator
    32            - server
    33            - --monitoring-host={{ .Values.operator.monitoring.host }}
    34            - --monitoring-port={{ .Values.operator.monitoring.port }}
    35            securityContext:
    36              allowPrivilegeEscalation: false
    37              capabilities:
    38                drop:
    39                - ALL
    40              privileged: false
    41              readOnlyRootFilesystem: true
    42              runAsNonRoot: true
    43  {{- if .Values.operator.seccompProfile }}
    44              seccompProfile:
    45  {{ toYaml .Values.operator.seccompProfile | trim | indent 14 }}
    46  {{- end }}
    47  {{- if .Values.imagePullPolicy }}
    48            imagePullPolicy: {{ .Values.imagePullPolicy }}
    49  {{- end }}
    50            resources:
    51  {{ toYaml .Values.operator.resources | trim | indent 12 }}
    52            env:
    53              - name: WATCH_NAMESPACE
    54                value: {{.Values.watchedNamespaces | quote}}
    55              - name: LEADER_ELECTION_NAMESPACE
    56                value: {{.Release.Namespace | quote}}
    57              - name: POD_NAME
    58                valueFrom:
    59                  fieldRef:
    60                    fieldPath: metadata.name
    61              - name: OPERATOR_NAME
    62                value: {{.Release.Namespace | quote}}
    63              - name: WAIT_FOR_RESOURCES_TIMEOUT
    64                value: {{.Values.waitForResourcesTimeout | quote}}
    65              - name: REVISION
    66                value: {{.Values.revision | quote}}
    67        {{- with .Values.nodeSelector }}
    68        nodeSelector:
    69          {{- toYaml . | nindent 8 }}
    70        {{- end }}
    71        {{- with .Values.affinity }}
    72        affinity:
    73          {{- toYaml . | nindent 8 }}
    74        {{- end }}
    75        {{- with .Values.tolerations }}
    76        tolerations:
    77          {{- toYaml . | nindent 8 }}
    78        {{- end }}
    79  ---