ZeroDownTime
/
kubezero
3
0
Fork 0
Code Issues 1 Pull Requests 24 Releases Wiki Activity
kubezero/charts/kubezero-addons/templates/forseti/deployment.yaml

86 lines
2.3 KiB
YAML
Raw Blame History

{{- if .Values.forseti.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: kubezero-forseti
namespace: kube-system
labels:
app: kubezero-forseti
spec:
replicas: 1
selector:
matchLabels:
app: kubezero-forseti
template:
metadata:
labels:
app: kubezero-forseti
spec:
containers:
- name: kubezero-forseti
image: "{{ .Values.forseti.image.name }}:{{ .Values.forseti.image.tag }}"
imagePullPolicy: Always
args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8080
#- --zap-log-level=2
#- --dry-run
#- --leader-elect
command:
- /forseti
env:
- name: AWS_REGION
value: "{{ .Values.forseti.aws.region }}"
- name: AWS_ROLE_ARN
value: "{{ .Values.forseti.aws.iamRoleArn }}"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: regional
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: /var/run/secrets/sts.amazonaws.com/serviceaccount/token
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/run/secrets/sts.amazonaws.com/serviceaccount/
name: aws-token
readOnly: true
securityContext:
runAsNonRoot: true
serviceAccountName: kubezero-forseti
terminationGracePeriodSeconds: 10
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node-role.kubernetes.io/control-plane
effect: NoSchedule
volumes:
- name: aws-token
projected:
defaultMode: 420
sources:
- serviceAccountToken:
audience: sts.amazonaws.com
expirationSeconds: 86400
path: token
{{- end }}
Reference in New Issue View Git Blame Copy Permalink