deploy/timescaledb/stackgres-operator/templates/operator-deployment.yaml

{{- if .Values.deploy.operator }}
apiVersion: "apps/v1"
kind: "Deployment"
metadata:
  {{- with .Values.operator.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    app: {{ .Release.Name }}
    version: "{{ .Chart.Version }}"
    group:  stackgres.io
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ .Release.Name }}
      group:  stackgres.io
  template:
    metadata:
      labels:
        app: {{ .Release.Name }}
        group:  stackgres.io
    spec:
      {{- with .Values.operator.affinity}}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end}}
      serviceAccountName: {{ .Release.Name }}
      {{- with .Values.operator.affinity}}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end}}
      {{- with .Values.operator.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end}}
      {{- with .Values.operator.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      securityContext:
        {{- if or (not (.Capabilities.APIVersions.Has "project.openshift.io/v1")) .Values.developer.disableArbitraryUser }}
        runAsNonRoot: true
        {{- if .Values.operator.image.tag | hasSuffix "-jvm" }}
        runAsUser: 185
        runAsGroup: 185
        fsGroup: 185
        {{- else }}
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        {{- end }}
        {{- end }}
      containers:
      {{- if not (and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort) }}
      - name: {{ .Release.Name }}
        image: "{{ include "operator-image" . }}"
        imagePullPolicy: {{ .Values.operator.image.pullPolicy }}
        env:
          - name: OPERATOR_NAME
            value: "{{ .Release.Name }}"
          - name: OPERATOR_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: OPERATOR_IMAGE_VERSION
            value: "{{ .Values.operator.image.tag }}"
          - name: OPERATOR_JVM_IMAGE_VERSION
            value: "{{ trimSuffix "-jvm" .Values.operator.image.tag }}-jvm"
          - name: OPERATOR_NATIVE_IMAGE_VERSION
            value: "{{ trimSuffix "-jvm" .Values.operator.image.tag }}"
          - name: DISABLE_RECONCILIATION
            value: "false"
          - name: INSTALL_CRDS
            value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}false{{ else }}true{{ end }}"
          - name: WAIT_CRDS_UPGRADE
            value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}true{{ else }}false{{ end }}"
          - name: INSTALL_WEBHOOKS
            value: "{{ if or .Values.disableClusterRole .Values.disableCrdsAndWebhooksUpdate }}false{{ else }}true{{ end }}"
          - name: INSTALL_CONVERSION_WEBHOOKS
            value: "{{ if or .Values.allowedNamespaces .Values.allowedNamespaceLabelSelector .Values.disableClusterRole }}false{{ else }}true{{ end }}"
          - name: ALLOWED_NAMESPACES
            {{- $allowedNamespaces := regexSplit " " (include "allowedNamespaces" .) -1 }}
            value: "{{ if not ($allowedNamespaces | has "_all_namespaces_placeholder") }}{{ range $index, $namespace := $allowedNamespaces }}{{ if $index }},{{ end }}{{ $namespace }}{{ end }}{{ end }}"
          - name: CLUSTER_ROLE_DISABLED
            value: "{{ if .Values.disableClusterRole }}true{{ else }}false{{ end }}"
          {{- if not .Values.cert.certManager.autoConfigure }}
          - name: INSTALL_CERTS
            value: "true"
          {{- end }}
          - name: SGCONFIG_NAMESPACE
            value: {{ .Values.sgConfigNamespace | default .Release.Namespace }}
          - name: PROMETHEUS_AUTOBIND
            value: "{{ or .Values.collector.prometheusOperator.allowDiscovery (gt (len .Values.collector.prometheusOperator.monitors) 0) }}"
          {{- if and (.Capabilities.APIVersions.Has "project.openshift.io/v1") (not .Values.developer.disableArbitraryUser) }}
          - name: USE_ARBITRARY_USER
            value: "true"
          {{- end }}
          {{- if .Values.developer.logLevel }}
          - name: OPERATOR_LOG_LEVEL
            value: "{{ .Values.developer.logLevel }}"
          {{- end }}
          {{- if .Values.developer.showStackTraces }}
          - name: OPERATOR_SHOW_STACK_TRACES
            value: "{{ .Values.developer.showStackTraces }}"
          {{- end }}
          {{- if .Values.developer.extraOpts }}
          - name: APP_OPTS
            value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}'
          {{- end }}
          {{- if .Values.developer.extraOpts }}
          - name: JAVA_OPTS
            value: '{{ range .Values.developer.extraOpts }}{{ . }} {{ end }}'
          {{- end }}
          {{- if .Values.developer.enableJvmDebug }}
          - name: DEBUG_OPERATOR
            value: "{{ .Values.developer.enableJvmDebug }}"
          {{- end }}
          {{- if .Values.developer.enableJvmDebugSuspend }}
          - name: DEBUG_OPERATOR_SUSPEND
            value: "{{ .Values.developer.enableJvmDebugSuspend }}"
          {{- end }}
          - name: OPERATOR_SERVICE_ACCOUNT
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.serviceAccountName
          - name: OPERATOR_POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: OPERATOR_IP
            valueFrom:
              fieldRef:
                fieldPath: status.podIP
          {{- if and .Values.grafana.url .Values.grafana.token .Values.grafana.webHost }}
          - name: GRAFANA_EMBEDDED
            value: "true"
          {{ end }}
          - name: SG_CONTAINER_REGISTRY
            value: "{{ .Values.containerRegistry }}"
          - name: SG_IMAGE_PULL_POLICY
            value: "{{ .Values.imagePullPolicy }}"
          {{- if .Values.extensions.cache.enabled }}
          - name: EXTENSIONS_REPOSITORY_URLS
            value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+[&]" $element "${1}" }}{{ $element := regexReplaceAll "([?&])proxyUrl=[^&]+$" $element "" }}{{ $element }}{{ if $element | contains "?" }}&{{ else }}?{{ end }}proxyUrl=http%3A%2F%2F{{ $.Release.Name }}-extensions-cache.{{ $.Release.Namespace }}%3FsetHttpScheme%3Dtrue&retry=3%3A5{{ end }}"
          {{- else }}
          - name: EXTENSIONS_REPOSITORY_URLS
            value: "{{ range $index, $element := .Values.extensions.repositoryUrls }}{{ if $index }},{{ end }}{{ $element }}{{ end }}"
          {{- end }}
          {{- if .Values.developer.extraEnv }}
          {{- range $name,$value := .Values.developer.extraEnv }}
          - name: {{ $name }}
            value: {{ $value }}
          {{- end }}
          {{- end }}
          {{- with .Values.developer.version }}
          - name: OPERATOR_VERSION
            value: {{ . | quote }}
          {{- end }}
        ports:
        - containerPort: 8080
          name: "http"
          protocol: "TCP"
        - containerPort: 8443
          name: "https"
          protocol: "TCP"
        livenessProbe:
          httpGet:
            path: "/q/health/live"
            port: 8080
            scheme: "HTTP"
          initialDelaySeconds: 10
          periodSeconds: 60
          timeoutSeconds: 10
        readinessProbe:
          httpGet:
            path: "/q/health/ready"
            port: 8080
            scheme: "HTTP"
          initialDelaySeconds: 0
          periodSeconds: 2
          timeoutSeconds: 1
        {{- with .Values.operator.resources }}
        resources:
          {{- toYaml . | nindent 10 }}
        {{- end }}
        volumeMounts:
          - name: operator-certs
            mountPath: /etc/operator/certs
            readOnly: true
          {{- with ((.Values.developer.patches).operator).volumeMounts }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
      {{- else }}
      - name: {{ .Release.Name }}-nginx
        image: "registry.access.redhat.com/ubi8/nginx-120:1-92"
        imagePullPolicy: IfNotPresent
        args:
          - '/bin/sh'
          - '-ec'
          {{- if .Values.developer.showDebug }}
          - '-x'
          {{- end }}
          - exec nginx -g 'daemon off;'
        ports:
        - containerPort: 9443
          name: "proxyhttps"
          protocol: "TCP"
        volumeMounts:
          - name: operator-certs
            mountPath: /etc/operator/certs
            readOnly: true
          - name: operator-nginx-conf
            mountPath: /etc/nginx/conf.d
            readOnly: true
          - name: operator-nginx
            subPath: var/cache/nginx
            mountPath: /var/cache/nginx
            readOnly: false
          - name: operator-nginx
            subPath: var/run
            mountPath: /var/run
            readOnly: false
      {{- end }}
      volumes:
        - name: operator-certs
          secret:
            secretName: {{ include "cert-name" . }}
            optional: true
        {{- if and .Values.developer.externalOperatorIp .Values.developer.externalOperatorPort }}
        - name: operator-nginx-conf
          configMap:
            name: {{ .Release.Name }}-nginx
            optional: false
            items:
              - key: stackgres-operator.conf
                path: stackgres-operator.conf
        - name: operator-nginx
          emptyDir: {}
        {{- end }}
        {{- with ((.Values.developer.patches).operator).volumes }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
{{- end }}