-
Notifications
You must be signed in to change notification settings - Fork 72
Expand file tree
/
Copy pathdeployment-olmv1-system-operator-controller-controller-manager.yml
More file actions
209 lines (209 loc) · 7.21 KB
/
deployment-olmv1-system-operator-controller-controller-manager.yml
File metadata and controls
209 lines (209 loc) · 7.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
{{- if .Values.options.operatorController.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kubectl.kubernetes.io/default-logs-container: manager
{{- include "olmv1.annotations" . | nindent 4 }}
labels:
app.kubernetes.io/name: operator-controller
{{- include "olmv1.labels" . | nindent 4 }}
name: operator-controller-controller-manager
namespace: {{ .Values.namespaces.olmv1.name }}
spec:
replicas: {{ .Values.options.operatorController.deployment.replicas }}
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1 # Allow temporary extra pod for zero-downtime updates
maxUnavailable: 0 # Never allow pods to be unavailable during updates
selector:
matchLabels:
control-plane: operator-controller-controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
{{- include "olmv1.annotations" . | nindent 8 }}
{{- if .Values.options.openshift.enabled }}
target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}'
openshift.io/required-scc: privileged
{{- end }}
labels:
app.kubernetes.io/name: operator-controller
control-plane: operator-controller-controller-manager
{{- include "olmv1.labels" . | nindent 8 }}
{{- with .Values.options.operatorController.deployment.podLabels }}
{{- toYamlPretty . | nindent 8 }}
{{- end }}
spec:
containers:
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8443
{{- if .Values.options.profiling.enabled }}
- --pprof-bind-address=:6060
{{- end }}
{{- if not .Values.options.tilt.enabled }}
- --leader-elect
{{- end }}
{{- range .Values.options.operatorController.features.enabled }}
- --feature-gates={{- . -}}=true
{{- end }}
{{- range .Values.options.operatorController.features.disabled }}
- --feature-gates={{- . -}}=false
{{- end }}
{{- range .Values.options.operatorController.deployment.extraArguments }}
- {{ . -}}
{{- end }}
{{- if .Values.options.certManager.enabled }}
- --tls-cert=/var/certs/tls.crt
- --tls-key=/var/certs/tls.key
- --catalogd-cas-dir=/var/ca-certs
- --pull-cas-dir=/var/ca-certs
{{- else if .Values.options.openshift.enabled }}
- --tls-cert=/var/certs/tls.crt
- --tls-key=/var/certs/tls.key
- --catalogd-cas-dir=/var/ca-certs
- --v=${LOG_VERBOSITY}
- --global-pull-secret=openshift-config/pull-secret
{{- end }}
{{- if .Values.options.e2e.enabled }}
- --tls-profile=modern
{{- end }}
command:
- /operator-controller
{{- if or .Values.options.e2e.enabled .Values.options.openshift.enabled }}
env:
{{- if .Values.options.e2e.enabled }}
- name: GOCOVERDIR
value: /e2e-coverage
{{- end }}
{{- if .Values.options.openshift.enabled }}
- name: SSL_CERT_DIR
value: /var/ca-certs
{{- end }}
{{- end }}
image: "{{ .Values.options.operatorController.deployment.image }}"
name: manager
{{- if not .Values.options.tilt.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
{{- end }}
resources:
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
{{- if .Values.options.e2e.enabled }}
- mountPath: /etc/containers
name: e2e-registries-conf
- mountPath: /e2e-coverage
name: e2e-coverage-volume
{{- end }}
- mountPath: /var/cache
name: cache
- mountPath: /tmp
name: tmp
{{- if .Values.options.certManager.enabled }}
- mountPath: /var/certs
name: operator-controller-certs
readOnly: true
- mountPath: /var/ca-certs
name: ca-certs
readOnly: true
{{- else if .Values.options.openshift.enabled }}
- mountPath: /var/certs
name: operator-controller-certs
- mountPath: /var/ca-certs
name: ca-certs
readOnly: true
- mountPath: /etc/containers
name: etc-containers
readOnly: true
- mountPath: /etc/docker
name: etc-docker
readOnly: true
{{- end }}
{{- with .Values.deployments.containerSpec }}
{{- toYaml . | nindent 10 }}
{{- end }}
serviceAccountName: operator-controller-controller-manager
volumes:
{{- if .Values.options.e2e.enabled }}
- configMap:
name: e2e-registries-conf
name: e2e-registries-conf
- name: e2e-coverage-volume
persistentVolumeClaim:
claimName: e2e-coverage
{{- end }}
- emptyDir: {}
name: cache
- emptyDir: {}
name: tmp
{{- if .Values.options.certManager.enabled }}
- name: operator-controller-certs
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
optional: false
secretName: operator-controller-cert
- name: ca-certs
secret:
items:
- key: ca.crt
path: olm-ca.crt
optional: false
secretName: operator-controller-cert
{{- else if .Values.options.openshift.enabled }}
- name: operator-controller-certs
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
optional: false
secretName: operator-controller-cert
- name: ca-certs
projected:
sources:
- configMap:
items:
- key: ca-bundle.crt
path: ca-bundle.crt
name: operator-controller-trusted-ca-bundle
optional: false
- configMap:
items:
- key: service-ca.crt
path: service-ca.crt
name: openshift-service-ca.crt
optional: false
- hostPath:
path: /etc/containers
type: Directory
name: etc-containers
- hostPath:
path: /etc/docker
type: Directory
name: etc-docker
{{- end }}
{{- with .Values.deployments.templateSpec }}
{{- toYamlPretty . | nindent 6 }}
{{- end }}
{{- end }}