-
Notifications
You must be signed in to change notification settings - Fork 217
/
deployment.yaml
114 lines (114 loc) · 4.08 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "trivy-operator.fullname" . }}
namespace: {{ include "trivy-operator.namespace" . }}
{{- with .Values.operator.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "trivy-operator.labels" . | nindent 4 }}
{{- with .Values.operator.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
replicas: {{ .Values.operator.replicas }}
{{- with .Values.operator.revisionHistoryLimit }}
revisionHistoryLimit: {{ . }}
{{- end }}
strategy:
type: Recreate
selector:
matchLabels: {{- include "trivy-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations: {{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "trivy-operator.selectorLabels" . | nindent 8 }}
{{- with .Values.operator.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "trivy-operator.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
containers:
- name: {{ .Chart.Name | quote }}
image: "{{ include "global.imageRegistry" . | default .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
{{- with .Values.image.pullPolicy }}
imagePullPolicy: {{ . }}
{{- end }}
env:
- name: OPERATOR_NAMESPACE
value: {{ include "trivy-operator.namespace" . }}
- name: OPERATOR_TARGET_NAMESPACES
value: {{ .Values.targetNamespaces | quote }}
- name: OPERATOR_EXCLUDE_NAMESPACES
value: {{ .Values.excludeNamespaces | quote }}
- name: OPERATOR_TARGET_WORKLOADS
value: {{ tpl .Values.targetWorkloads . | quote }}
- name: OPERATOR_SERVICE_ACCOUNT
value: {{ include "trivy-operator.serviceAccountName" . | quote }}
envFrom:
- configMapRef:
name: trivy-operator-config
{{- if .Values.operator.valuesFromConfigMap }}
- configMapRef:
name: {{ .Values.operator.valuesFromConfigMap }}
{{- end }}
{{- if .Values.operator.valuesFromSecret }}
- secretRef:
name: {{ .Values.operator.valuesFromSecret }}
{{- end }}
ports:
- name: metrics
containerPort: 8080
- name: probes
containerPort: 9090
readinessProbe:
httpGet:
path: /readyz/
port: probes
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
livenessProbe:
httpGet:
path: /healthz/
port: probes
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 10
{{- with .Values.resources }}
resources: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.securityContext }}
securityContext: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts: {{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.image.pullSecrets }}
imagePullSecrets: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.podSecurityContext }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.volumes }}
volumes: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}