operator-templating/template/deploy/helm/[[operator]]/templates/deployment.yaml.j2 at bace8607ac9a326fa4575c177cc8b3ab5904e6a6 · stackabletech/operator-templating · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
{[% if operator.run_as is undefined or operator.run_as == "deployment" %}]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "operator.fullname" . }}-deployment
  labels:
    {{- include "operator.labels" . | nindent 4 }}
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      {{- include "operator.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        internal.stackable.tech/image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- if .Values.maintenance.customResourceDefinitions.maintain }}
        webhook.stackable.tech/conversion: enabled
        {{- end }}
        {{- include "operator.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.image.pullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "operator.fullname" . }}-serviceaccount
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ include "operator.appname" . }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - mountPath: /etc/stackable/{{ include "operator.appname" . }}/config-spec
              name: config-spec
          env:
            # The following env vars are passed as clap (think CLI) arguments to the operator.
            # They are picked up by clap using the structs defied in the operator.
            # (which is turn pulls in https://github.com/stackabletech/operator-rs/blob/main/crates/stackable-operator/src/cli.rs)
            # You can read there about the expected values and purposes.

            # Sometimes products need to know the operator image, e.g. the opa-bundle-builder OPA
            # sidecar uses the operator image.
            - name: OPERATOR_IMAGE
              # Tilt can use annotations as image paths, but not env variables
              valueFrom:
                fieldRef:
                  fieldPath: metadata.annotations['internal.stackable.tech/image']

            # Namespace the operator Pod is running in, e.g. used to construct the conversion
            # webhook endpoint.
            - name: OPERATOR_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace

            # The name of the Kubernetes Service that point to the operator Pod, e.g. used to
            # construct the conversion webhook endpoint.
            - name: OPERATOR_SERVICE_NAME
              value: {{ include "operator.fullname" . }}

            # Operators need to know the node name they are running on, to e.g. discover the
            # Kubernetes domain name from the kubelet API.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName

            {{- if .Values.kubernetesClusterDomain }}
            - name: KUBERNETES_CLUSTER_DOMAIN
              value: {{ .Values.kubernetesClusterDomain | quote }}
            {{- end }}

            {{- include "telemetry.envVars" . | nindent 12 }}
            {{- include "maintenance.envVars" . | nindent 12 }}
{[% if operator.product_string in ['opa'] %}]
            - name: OPA_BUNDLE_BUILDER_CLUSTERROLE
              value: {{ include "operator.fullname" . }}-opa-bundle-builder-clusterrole
{[% endif %}]
      volumes:
        - name: config-spec
          configMap:
            name: {{ include "operator.fullname" . }}-configmap
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.priorityClassName }}
      priorityClassName: {{ . }}
      {{- end }}
{[% else %}]
# Templated Deployment disabled for this operator
{[% endif %}]