logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
							apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "external-secrets.fullname" . }}
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "external-secrets.labels" . | nindent 4 }}
  {{- with .Values.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "external-secrets.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "external-secrets.selectorLabels" . | nindent 8 }}
        {{- with .Values.podLabels }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "external-secrets.serviceAccountName" . }}
      {{- with .Values.podSecurityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if or (.Values.leaderElect) (.Values.scopedNamespace) (.Values.concurrent) (.Values.extraArgs) }}
          args:
          {{- if .Values.leaderElect }}
          - --enable-leader-election=true
          {{- end }}
          {{- if .Values.scopedNamespace }}
          - --namespace={{ .Values.scopedNamespace }}
          {{- end }}
          {{- if .Values.controllerClass }}
          - --controller-class={{ .Values.controllerClass }}
          {{- end }}
          {{- if .Values.concurrent }}
          - --concurrent={{ .Values.concurrent }}
          {{- end }}
          {{- range $key, $value := .Values.extraArgs }}
            {{- if $value }}
          - --{{ $key }}={{ $value }}
            {{- else }}
          - --{{ $key }}
            {{- end }}
          {{- end }}
          {{- end }}
          ports:
            - containerPort: {{ .Values.prometheus.service.port }}
              protocol: TCP
              name: metrics
          {{- with .Values.extraEnv }}
          env:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
        - name: webhook
          {{- with .Values.securityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          args:
          - --webhook=true
          - --metrics-addr=:8081
          {{- if or (.Values.leaderElect) (.Values.scopedNamespace) (.Values.concurrent) (.Values.extraArgs) }}
          {{- if .Values.leaderElect }}
          - --enable-leader-election=true
          {{- end }}
          {{- if .Values.scopedNamespace }}
          - --namespace={{ .Values.scopedNamespace }}
          {{- end }}
          {{- if .Values.controllerClass }}
          - --controller-class={{ .Values.controllerClass }}
          {{- end }}
          {{- if .Values.concurrent }}
          - --concurrent={{ .Values.concurrent }}
          {{- end }}
          {{- range $key, $value := .Values.extraArgs }}
            {{- if $value }}
          - --{{ $key }}={{ $value }}
            {{- else }}
          - --{{ $key }}
            {{- end }}
          {{- end }}
          {{- end }}
          {{- if .Values.webhook.enabled }}
          volumeMounts:
          - name: certs
            mountPath: {{ .Values.webhook.certDir }}
          {{- end }}
          ports:
            - containerPort: 9443
              protocol: TCP
              name: webhook
          readinessProbe:
            tcpSocket:
              port: 9443
            initialDelaySeconds: 20
            periodSeconds: 5
          {{- with .Values.extraEnv }}
          env:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- with .Values.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
      {{- if .Values.webhook.enabled }}
      volumes:
      - name: certs
        secret:
          secretName: {{ include "external-secrets.fullname" . }}-webhook
      {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}