240 lines
8.3 KiB
YAML
240 lines
8.3 KiB
YAML
{{- if .Values.deploy.operator }}
|
|
apiVersion: "apps/v1"
|
|
kind: "Deployment"
|
|
metadata:
|
|
{{- with .Values.operator.annotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ .Release.Name }}
|
|
version: "{{ .Chart.Version }}"
|
|
group: stackgres.io
|
|
name: {{ .Release.Name }}
|
|
namespace: {{ .Release.Namespace }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: {{ .Release.Name }}
|
|
group: stackgres.io
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: {{ .Release.Name }}
|
|
group: stackgres.io
|
|
spec:
|
|
{{- with .Values.operator.affinity}}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end}}
|
|
serviceAccountName: {{ .Release.Name }}
|
|
{{- if .Values.serviceAccount.create }}
|
|
{{- if .Values.serviceAccount.repoCredentials }}
|
|
imagePullSecrets:
|
|
{{- range .Values.serviceAccount.repoCredentials }}
|
|
- name: {{ . }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- with .Values.operator.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end}}
|
|
securityContext:
|
|
{{- if or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser }}
|
|
runAsNonRoot: true
|
|
{{- if .Values.operator.image.tag | hasSuffix "-jvm" }}
|
|
runAsUser: 185
|
|
runAsGroup: 185
|
|
fsGroup: 185
|
|
{{- else }}
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
{{- end }}
|
|
{{- end }}
|
|
containers:
|
|
{{- if not (and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort) }}
|
|
- name: {{ .Release.Name }}
|
|
image: "{{ include "operator-image" . }}"
|
|
imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
|
|
env:
|
|
- name: OPERATOR_NAME
|
|
value: "{{ .Release.Name }}"
|
|
- name: OPERATOR_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.namespace
|
|
- name: OPERATOR_IMAGE_VERSION
|
|
value: "{{ .Values.operator.image.tag }}"
|
|
- name: DISABLE_RECONCILIATION
|
|
value: "false"
|
|
- name: INSTALL_CRDS
|
|
value: "true"
|
|
- name: INSTALL_WEBHOOKS
|
|
value: "true"
|
|
{{- if not .Values.cert.certManager.autoConfigure }}
|
|
- name: INSTALL_CERTS
|
|
value: "true"
|
|
{{- end }}
|
|
- name: PROMETHEUS_AUTOBIND
|
|
value: "{{ .Values.prometheus.allowAutobind }}"
|
|
{{- if and (.Capabilities.APIVersions.Has "project.openshift.io/v1") (not .Values.developer.disableArbitraryUser) }}
|
|
- name: USE_ARBITRARY_USER
|
|
value: "true"
|
|
{{- end }}
|
|
{{- if .Values.developer.logLevel }}
|
|
- name: OPERATOR_LOG_LEVEL
|
|
value: "{{ .Values.developer.logLevel }}"
|
|
{{- end }}
|
|
{{- if .Values.developer.showStackTraces }}
|
|
- name: OPERATOR_SHOW_STACK_TRACES
|
|
value: "{{ .Values.developer.showStackTraces }}"
|
|
{{- end }}
|
|
{{- if .Values.developer.extraOpts }}
|
|
- name: APP_OPTS
|
|
value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}'
|
|
{{- end }}
|
|
{{- if .Values.developer.extraOpts }}
|
|
- name: JAVA_OPTS
|
|
value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}'
|
|
{{- end }}
|
|
{{- if .Values.developer.enableJvmDebug }}
|
|
- name: DEBUG_OPERATOR
|
|
value: "{{ .Values.developer.enableJvmDebug }}"
|
|
{{- end }}
|
|
{{- if .Values.developer.enableJvmDebugSuspend }}
|
|
- name: DEBUG_OPERATOR_SUSPEND
|
|
value: "{{ .Values.developer.enableJvmDebugSuspend }}"
|
|
{{- end }}
|
|
- name: OPERATOR_SERVICE_ACCOUNT
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: spec.serviceAccountName
|
|
- name: OPERATOR_POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: metadata.name
|
|
- name: OPERATOR_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
{{- if and .Values.grafana.url .Values.grafana.token .Values.grafana.webHost }}
|
|
- name: GRAFANA_EMBEDDED
|
|
value: "true"
|
|
{{ end }}
|
|
- name: SG_CONTAINER_REGISTRY
|
|
value: "{{ .Values.containerRegistry }}"
|
|
- name: SG_IMAGE_PULL_POLICY
|
|
value: "{{ .Values.imagePullPolicy }}"
|
|
{{- if .Values.extensions.cache.enabled }}
|
|
- name: EXTENSIONS_REPOSITORY_URLS
|
|
value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+[&]" $element "${1}" }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+$" $element "" }}{{ $element }}{{ if $element | contains "?" }}&{{ else }}?{{ end }}proxyUrl=http%3A%2F%2F{{ $.Release.Name }}-extensions-cache.{{ $.Release.Namespace }}%3FsetHttpScheme%3Dtrue&retry=3%3A5{{ end }}"
|
|
{{- else }}
|
|
- name: EXTENSIONS_REPOSITORY_URLS
|
|
value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element }}{{ end }}"
|
|
{{- end }}
|
|
{{- if .Values.developer.extraEnv }}
|
|
{{- range $name,$value := .Values.developer.extraEnv }}
|
|
- name: {{ $name }}
|
|
value: {{ $value }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- with .Values.developer.version }}
|
|
- name: OPERATOR_VERSION
|
|
value: {{ . | quote }}
|
|
{{- end }}
|
|
ports:
|
|
- containerPort: 8080
|
|
name: "http"
|
|
protocol: "TCP"
|
|
- containerPort: 8443
|
|
name: "https"
|
|
protocol: "TCP"
|
|
livenessProbe:
|
|
httpGet:
|
|
path: "/q/health/live"
|
|
port: 8080
|
|
scheme: "HTTP"
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 60
|
|
timeoutSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: "/q/health/ready"
|
|
port: 8080
|
|
scheme: "HTTP"
|
|
initialDelaySeconds: 0
|
|
periodSeconds: 2
|
|
timeoutSeconds: 1
|
|
{{- with .Values.operator.resources }}
|
|
resources:
|
|
{{- toYaml . | nindent 10 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: operator-certs
|
|
mountPath: /etc/operator/certs
|
|
readOnly: true
|
|
{{- with ((.Values.developer.patches).operator).volumeMounts }}
|
|
{{- toYaml . | nindent 10 }}
|
|
{{- end }}
|
|
{{- else }}
|
|
- name: {{ .Release.Name }}-nginx
|
|
image: "registry.access.redhat.com/ubi8/nginx-120:1-92"
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- '/bin/sh'
|
|
- '-ec'
|
|
{{- if .Values.developer.showDebug }}
|
|
- '-x'
|
|
{{- end }}
|
|
- exec nginx -g 'daemon off;'
|
|
ports:
|
|
- containerPort: 9443
|
|
name: "proxyhttps"
|
|
protocol: "TCP"
|
|
volumeMounts:
|
|
- name: operator-certs
|
|
mountPath: /etc/operator/certs
|
|
readOnly: true
|
|
- name: operator-nginx-conf
|
|
mountPath: /etc/nginx/conf.d
|
|
readOnly: true
|
|
- name: operator-nginx
|
|
subPath: var/cache/nginx
|
|
mountPath: /var/cache/nginx
|
|
readOnly: false
|
|
- name: operator-nginx
|
|
subPath: var/run
|
|
mountPath: /var/run
|
|
readOnly: false
|
|
{{- end }}
|
|
volumes:
|
|
- name: operator-certs
|
|
secret:
|
|
secretName: {{ include "cert-name" . }}
|
|
optional: true
|
|
{{- if and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort }}
|
|
- name: operator-nginx-conf
|
|
configMap:
|
|
name: {{ .Release.Name }}-nginx
|
|
optional: false
|
|
items:
|
|
- key: stackgres-operator.conf
|
|
path: stackgres-operator.conf
|
|
- name: operator-nginx
|
|
emptyDir: {}
|
|
{{- end }}
|
|
{{- with ((.Values.developer.patches).operator).volumes }}
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.operator.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- end }}
|