{{- if .Values.deploy.operator }} apiVersion: "apps/v1" kind: "Deployment" metadata: {{- with .Values.operator.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: app: {{ .Release.Name }} version: "{{ .Chart.Version }}" group: stackgres.io name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: matchLabels: app: {{ .Release.Name }} group: stackgres.io template: metadata: labels: app: {{ .Release.Name }} group: stackgres.io spec: {{- with .Values.operator.affinity}} affinity: {{- toYaml . | nindent 8 }} {{- end}} serviceAccountName: {{ .Release.Name }} {{- with .Values.operator.affinity}} affinity: {{- toYaml . | nindent 8 }} {{- end}} {{- with .Values.operator.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end}} {{- with .Values.operator.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} securityContext: {{- if or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser }} runAsNonRoot: true {{- if .Values.operator.image.tag | hasSuffix "-jvm" }} runAsUser: 185 runAsGroup: 185 fsGroup: 185 {{- else }} runAsUser: 1000 runAsGroup: 1000 fsGroup: 1000 {{- end }} {{- end }} containers: {{- if not (and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort) }} - name: {{ .Release.Name }} image: "{{ include "operator-image" . }}" imagePullPolicy: {{ .Values.operator.image.pullPolicy }} env: - name: OPERATOR_NAME value: "{{ .Release.Name }}" - name: OPERATOR_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - name: OPERATOR_IMAGE_VERSION value: "{{ .Values.operator.image.tag }}" - name: OPERATOR_JVM_IMAGE_VERSION value: "{{ trimSuffix "-jvm" .Values.operator.image.tag }}-jvm" - name: OPERATOR_NATIVE_IMAGE_VERSION value: "{{ trimSuffix "-jvm" .Values.operator.image.tag }}" - name: DISABLE_RECONCILIATION value: "false" - name: INSTALL_CRDS value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}false{{ else }}true{{ end }}" - name: WAIT_CRDS_UPGRADE value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}true{{ else }}false{{ end }}" - name: INSTALL_WEBHOOKS value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}false{{ else }}true{{ end }}" - name: INSTALL_CONVERSION_WEBHOOKS value: "{{ if or .Values.allowedNamespaces .Values.allowedNamespaceLabelSelector .Values.disableClusterRole }}false{{ else }}true{{ end }}" - name: ALLOWED_NAMESPACES {{- $allowedNamespaces := regexSplit " " (include "allowedNamespaces" .) -1 }} value: "{{ if not ($allowedNamespaces | has "_all_namespaces_placeholder") }}{{ range $index, $namespace := $allowedNamespaces }}{{ if $index }},{{ end }}{{ $namespace }}{{ end }}{{ end }}" - name: CLUSTER_ROLE_DISABLED value: "{{ if .Values.disableClusterRole }}true{{ else }}false{{ end }}" {{- if not .Values.cert.certManager.autoConfigure }} - name: INSTALL_CERTS value: "true" {{- end }} - name: SGCONFIG_NAMESPACE value: {{ .Values.sgConfigNamespace | default .Release.Namespace }} - name: PROMETHEUS_AUTOBIND value: "{{ or .Values.collector.prometheusOperator.allowDiscovery (gt (len .Values.collector.prometheusOperator.monitors) 0) }}" {{- if and (.Capabilities.APIVersions.Has "project.openshift.io/v1") (not .Values.developer.disableArbitraryUser) }} - name: USE_ARBITRARY_USER value: "true" {{- end }} {{- if .Values.developer.logLevel }} - name: OPERATOR_LOG_LEVEL value: "{{ .Values.developer.logLevel }}" {{- end }} {{- if .Values.developer.showStackTraces }} - name: OPERATOR_SHOW_STACK_TRACES value: "{{ .Values.developer.showStackTraces }}" {{- end }} {{- if .Values.developer.extraOpts }} - name: APP_OPTS value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}' {{- end }} {{- if .Values.developer.extraOpts }} - name: JAVA_OPTS value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}' {{- end }} {{- if .Values.developer.enableJvmDebug }} - name: DEBUG_OPERATOR value: "{{ .Values.developer.enableJvmDebug }}" {{- end }} {{- if .Values.developer.enableJvmDebugSuspend }} - name: DEBUG_OPERATOR_SUSPEND value: "{{ .Values.developer.enableJvmDebugSuspend }}" {{- end }} - name: OPERATOR_SERVICE_ACCOUNT valueFrom: fieldRef: apiVersion: v1 fieldPath: spec.serviceAccountName - name: OPERATOR_POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name - name: OPERATOR_IP valueFrom: fieldRef: fieldPath: status.podIP {{- if and .Values.grafana.url .Values.grafana.token .Values.grafana.webHost }} - name: GRAFANA_EMBEDDED value: "true" {{ end }} - name: SG_CONTAINER_REGISTRY value: "{{ .Values.containerRegistry }}" - name: SG_IMAGE_PULL_POLICY value: "{{ .Values.imagePullPolicy }}" {{- if .Values.extensions.cache.enabled }} - name: EXTENSIONS_REPOSITORY_URLS value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+[&]" $element "${1}" }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+$" $element "" }}{{ $element }}{{ if $element | contains "?" }}&{{ else }}?{{ end }}proxyUrl=http%3A%2F%2F{{ $.Release.Name }}-extensions-cache.{{ $.Release.Namespace }}%3FsetHttpScheme%3Dtrue&retry=3%3A5{{ end }}" {{- else }} - name: EXTENSIONS_REPOSITORY_URLS value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element }}{{ end }}" {{- end }} {{- if .Values.developer.extraEnv }} {{- range $name,$value := .Values.developer.extraEnv }} - name: {{ $name }} value: {{ $value }} {{- end }} {{- end }} {{- with .Values.developer.version }} - name: OPERATOR_VERSION value: {{ . | quote }} {{- end }} ports: - containerPort: 8080 name: "http" protocol: "TCP" - containerPort: 8443 name: "https" protocol: "TCP" livenessProbe: httpGet: path: "/q/health/live" port: 8080 scheme: "HTTP" initialDelaySeconds: 10 periodSeconds: 60 timeoutSeconds: 10 readinessProbe: httpGet: path: "/q/health/ready" port: 8080 scheme: "HTTP" initialDelaySeconds: 0 periodSeconds: 2 timeoutSeconds: 1 {{- with .Values.operator.resources }} resources: {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - name: operator-certs mountPath: /etc/operator/certs readOnly: true {{- with ((.Values.developer.patches).operator).volumeMounts }} {{- toYaml . | nindent 10 }} {{- end }} {{- else }} - name: {{ .Release.Name }}-nginx image: "registry.access.redhat.com/ubi8/nginx-120:1-92" imagePullPolicy: IfNotPresent args: - '/bin/sh' - '-ec' {{- if .Values.developer.showDebug }} - '-x' {{- end }} - exec nginx -g 'daemon off;' ports: - containerPort: 9443 name: "proxyhttps" protocol: "TCP" volumeMounts: - name: operator-certs mountPath: /etc/operator/certs readOnly: true - name: operator-nginx-conf mountPath: /etc/nginx/conf.d readOnly: true - name: operator-nginx subPath: var/cache/nginx mountPath: /var/cache/nginx readOnly: false - name: operator-nginx subPath: var/run mountPath: /var/run readOnly: false {{- end }} volumes: - name: operator-certs secret: secretName: {{ include "cert-name" . }} optional: true {{- if and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort }} - name: operator-nginx-conf configMap: name: {{ .Release.Name }}-nginx optional: false items: - key: stackgres-operator.conf path: stackgres-operator.conf - name: operator-nginx emptyDir: {} {{- end }} {{- with ((.Values.developer.patches).operator).volumes }} {{- toYaml . | nindent 8 }} {{- end }} {{- end }}