Skip to content
Permalink
Branch: master
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
144 lines (143 sloc) 5.01 KB
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
name: {{ template "fullname" . }}-controller-manager
labels:
app: {{ template "fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: {{ .Values.controllerManager.replicas }}
strategy:
type: {{ .Values.controllerManager.updateStrategy }}
minReadySeconds: {{ .Values.apiserver.minReadySeconds }}
selector:
matchLabels:
app: {{ template "fullname" . }}-controller-manager
template:
metadata:
annotations:
prometheus.io/scrape: "{{ .Values.controllerManager.enablePrometheusScrape }}"
{{ if .Values.controllerManager.annotations }}
{{ toYaml .Values.controllerManager.annotations | indent 8 }}
{{- end }}
labels:
app: {{ template "fullname" . }}-controller-manager
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
{{- with .Values.securityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
serviceAccountName: "{{ .Values.controllerManager.serviceAccount }}"
containers:
- name: controller-manager
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
resources:
{{ toYaml .Values.controllerManager.resources | indent 10 }}
env:
- name: K8S_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
args:
- controller-manager
- --secure-port
- "8444"
- "--cluster-id-configmap-namespace={{ .Release.Namespace }}"
{{ if .Values.controllerManager.leaderElection.activated -}}
- "--leader-election-namespace={{ .Release.Namespace }}"
- "--leader-elect-resource-lock=configmaps"
{{- else }}
- "--leader-elect=false"
{{- end }}
{{ if .Values.controllerManager.profiling.disabled -}}
- "--profiling=false"
{{- end}}
{{ if .Values.controllerManager.profiling.contentionProfiling -}}
- "--contention-profiling=true"
{{- end}}
{{- if not .Values.useAggregator }}
- --service-catalog-api-server-url
- https://{{ template "fullname" . }}-apiserver
{{- end }}
{{ if and (.Values.controllerManager.apiserverSkipVerify) (not .Values.useAggregator) -}}
- "--service-catalog-insecure-skip-verify=true"
{{- end }}
- -v
- "{{ .Values.controllerManager.verbosity }}"
- --resync-interval
- {{ .Values.controllerManager.resyncInterval }}
{{ if .Values.controllerManager.brokerRelistIntervalActivated -}}
- --broker-relist-interval
- {{ .Values.controllerManager.brokerRelistInterval }}
{{- end }}
{{ if .Values.controllerManager.operationPollingMaximumBackoffDuration -}}
- --operation-polling-maximum-backoff-duration
- {{ .Values.controllerManager.operationPollingMaximumBackoffDuration }}
{{- end }}
- --feature-gates
- OriginatingIdentity={{.Values.originatingIdentityEnabled}}
- --feature-gates
- ServicePlanDefaults={{.Values.servicePlanDefaultsEnabled}}
{{- if .Values.asyncBindingOperationsEnabled }}
- --feature-gates
- AsyncBindingOperations=true
{{- end }}
{{- if .Values.catalogRestrictionsEnabled }}
- --feature-gates
- CatalogRestrictions=true
{{- end }}
{{- if .Values.namespacedServiceBrokerDisabled }}
- --feature-gates
- NamespacedServiceBroker=false
{{- end }}
ports:
- containerPort: 8444
volumeMounts:
- name: service-catalog-cert
mountPath: /var/run/kubernetes-service-catalog
readOnly: true
{{- if .Values.controllerManager.healthcheck.enabled }}
readinessProbe:
httpGet:
port: 8444
path: /healthz/ready
scheme: HTTPS
failureThreshold: 1
initialDelaySeconds: 20
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
httpGet:
port: 8444
path: /healthz
scheme: HTTPS
failureThreshold: 3
initialDelaySeconds: 40
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
{{- end }}
{{ if .Values.controllerManager.nodeSelector }}
nodeSelector:
{{ .Values.controllerManager.nodeSelector }}
{{ end }}
volumes:
- name: service-catalog-cert
secret:
secretName: {{ template "fullname" . }}-apiserver-cert
items:
- key: tls.crt
path: apiserver.crt
- key: tls.key
path: apiserver.key
{{- if .Values.apiserver.tls.requestHeaderCA }}
- key: requestheader-ca.crt
path: requestheader-ca.crt
{{- end }}
You can’t perform that action at this time.