kubezero/charts/kubezero-metrics/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml

{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
{{- if .Values.prometheusOperator.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "kube-prometheus-stack.fullname" . }}-operator
  namespace: {{ template "kube-prometheus-stack.namespace" . }}
  labels:
    app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: {{ template "kube-prometheus-stack.name" . }}-operator
      release: {{ $.Release.Name | quote }}
  template:
    metadata:
      labels:
        app: {{ template "kube-prometheus-stack.name" . }}-operator
{{ include "kube-prometheus-stack.labels" . | indent 8 }}
{{- if .Values.prometheusOperator.podLabels }}
{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }}
{{- end }}
{{- if .Values.prometheusOperator.podAnnotations }}
      annotations:
{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }}
{{- end }}
    spec:
    {{- if .Values.prometheusOperator.priorityClassName }}
      priorityClassName: {{ .Values.prometheusOperator.priorityClassName }}
    {{- end }}
      containers:
        - name: {{ template "kube-prometheus-stack.name" . }}
          {{- if .Values.prometheusOperator.image.sha }}
          image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}"
          {{- else }}
          image: "{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}"
          {{- end }}
          imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}"
          args:
            {{- if .Values.prometheusOperator.kubeletService.enabled }}
            - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "kube-prometheus-stack.fullname" . }}-kubelet
            {{- end }}
            {{- if .Values.prometheusOperator.logFormat }}
            - --log-format={{ .Values.prometheusOperator.logFormat }}
            {{- end }}
            {{- if .Values.prometheusOperator.logLevel }}
            - --log-level={{ .Values.prometheusOperator.logLevel }}
            {{- end }}
            {{- if .Values.prometheusOperator.denyNamespaces }}
            - --deny-namespaces={{ .Values.prometheusOperator.denyNamespaces | join "," }}
            {{- end }}
            {{- with $.Values.prometheusOperator.namespaces }}
            {{ $ns := .additional }}
            {{- if .releaseNamespace }}
            {{- $ns = append $ns $namespace }}
            {{- end }}
            - --namespaces={{ $ns | join "," }}
            {{- end }}
            - --localhost=127.0.0.1
            {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }}
            - --prometheus-default-base-image={{ .Values.prometheusOperator.prometheusDefaultBaseImage }}
            {{- end }}
            {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
            - --alertmanager-default-base-image={{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }}
            {{- end }}
            {{- if .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
            - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.sha }}
            {{- else }}
            - --prometheus-config-reloader={{ .Values.prometheusOperator.prometheusConfigReloaderImage.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloaderImage.tag }}
            {{- end }}
            - --config-reloader-cpu={{ .Values.prometheusOperator.configReloaderCpu }}
            - --config-reloader-memory={{ .Values.prometheusOperator.configReloaderMemory }}
            {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }}
            - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }}
            {{- end }}
            {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }}
            - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }}
            {{- end }}
            {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }}
            - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }}
            {{- end }}
            {{- if .Values.prometheusOperator.secretFieldSelector }}
            - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }}
            {{- end }}
            {{- if .Values.prometheusOperator.clusterDomain }}
            - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }}
            {{- end }}
            {{- if .Values.prometheusOperator.tls.enabled }}
            - --web.enable-tls=true
            - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }}
            - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }}
            - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }}
            - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }}
          ports:
            - containerPort: {{ .Values.prometheusOperator.tls.internalPort }}
              name: https
          {{- else }}
          ports:
            - containerPort: 8080
              name: http
          {{- end }}
          resources:
{{ toYaml .Values.prometheusOperator.resources | indent 12 }}
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
{{- if .Values.prometheusOperator.tls.enabled }}
          volumeMounts:
            - name: tls-secret
              mountPath: /cert
              readOnly: true
      volumes:
        - name: tls-secret
          secret:
            defaultMode: 420
            secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- end }}
    {{- with .Values.prometheusOperator.dnsConfig }}
      dnsConfig:
{{ toYaml . | indent 8 }}
    {{- end }}
{{- if .Values.prometheusOperator.securityContext }}
      securityContext:
{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }}
{{- end }}
      serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }}
{{- if .Values.prometheusOperator.hostNetwork }}
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
{{- end }}
    {{- with .Values.prometheusOperator.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.prometheusOperator.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
    {{- end }}
    {{- with .Values.prometheusOperator.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
    {{- end }}
{{- end }}