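# Deployment for the freeleaps secret operator.
# Renders one container that receives its configuration, and its Azure Key
# Vault / JWT / HMAC credentials, through environment variables.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "freeleaps-secret-operator.fullname" . }}
  # Quoted so an all-digit namespace is not rendered as an integer.
  namespace: {{ .Release.Namespace | quote }}
  labels:
    {{- include "freeleaps-secret-operator.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "freeleaps-secret-operator.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "freeleaps-secret-operator.selectorLabels" . | nindent 8 }}
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      # NOTE(review): this pod holds cloud and signing credentials; confirm the
      # service account's RBAC is limited to what the operator needs.
      serviceAccountName: {{ include "freeleaps-secret-operator.serviceAccountName" . }}
      # Pod- and container-level securityContext come entirely from values;
      # an empty value applies no hardening. Review the chart defaults for
      # runAsNonRoot, readOnlyRootFilesystem, allowPrivilegeEscalation: false
      # and dropped capabilities.
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          # The image is referenced by tag only (falling back to the chart
          # appVersion). Tags are mutable, so this template cannot pin a
          # digest; take that into account for image provenance.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: api
              containerPort: {{ .Values.operator.apiServerPort }}
              protocol: TCP
          env:
            # General Configuration
            # NOTE(review): confirm debug logging never prints secret values
            # before enabling it outside development.
            - name: SECRET_OPERATOR_DEBUG
              value: {{ .Values.operator.debug | quote }}
            - name: SECRET_OPERATOR_APISERVER_PORT
              value: {{ .Values.operator.apiServerPort | quote }}
            - name: K8S_CLUSTER_DOMAIN
              value: {{ .Values.operator.k8sClusterDomain | quote }}
            - name: AUTO_DISCOVER_K8S_CLUSTER_DOMAIN_MAX_RETRIES
              value: {{ .Values.operator.autoDiscoverK8sClusterDomainMaxRetries | quote }}
            # NOTE(review): confirm what an empty value means to the operator
            # and that its RBAC matches the namespaces it watches.
            - name: SECRET_OPERATOR_WATCHED_NAMESPACES
              value: {{ .Values.operator.watchedNamespaces | quote }}
            # Kopf Configuration
            - name: KOPF_PEERING_NAME
              value: {{ .Values.operator.kopfPeeringName | quote }}
            # Azure Key Vault Configuration
            # Credentials are read from a Secret and exposed as environment
            # variables, so anyone able to read the container environment
            # (for example through pods/exec) can see them.
            # createSecret wins when both options are set. If neither is set,
            # none of the AZURE_* variables are rendered.
            # The "<fullname>-config" Secret is presumably rendered by another
            # template of this chart (not shown here).
            {{- if .Values.azureKeyVault.createSecret }}
            - name: AZURE_TENANT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_TENANT_ID
            - name: AZURE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_CLIENT_ID
            - name: AZURE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_CLIENT_SECRET
            - name: AZURE_VAULT_URL
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_VAULT_URL
            - name: AZURE_VAULT_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_VAULT_NAME
            - name: AZURE_SUBSCRIPTION_ID
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_SUBSCRIPTION_ID
            - name: AZURE_RESOURCE_GROUP
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: AZURE_RESOURCE_GROUP
            {{- else if .Values.azureKeyVault.existingSecret }}
            # The user-supplied Secret name is quoted so a numeric- or
            # boolean-looking name still renders as a string.
            - name: AZURE_TENANT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_TENANT_ID
            - name: AZURE_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_CLIENT_ID
            - name: AZURE_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_CLIENT_SECRET
            - name: AZURE_VAULT_URL
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_VAULT_URL
            - name: AZURE_VAULT_NAME
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_VAULT_NAME
            - name: AZURE_SUBSCRIPTION_ID
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_SUBSCRIPTION_ID
            - name: AZURE_RESOURCE_GROUP
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.azureKeyVault.existingSecret | quote }}
                  key: AZURE_RESOURCE_GROUP
            {{- end }}
            # JWT Configuration
            # Same selection rule as above: createSecret first, then
            # existingSecret, otherwise no JWT_* variables are rendered.
            # NOTE(review): the algorithm is read from the same Secret as the
            # key; confirm the operator only accepts the algorithms it expects.
            {{- if .Values.jwt.createSecret }}
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: JWT_SECRET_KEY
            - name: JWT_ALGORITHM
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: JWT_ALGORITHM
            {{- else if .Values.jwt.existingSecret }}
            - name: JWT_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.jwt.existingSecret | quote }}
                  key: JWT_SECRET_KEY
            - name: JWT_ALGORITHM
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.jwt.existingSecret | quote }}
                  key: JWT_ALGORITHM
            {{- end }}
            # HMAC Configuration
            # Same selection rule as above; no HMAC_SECRET_KEY is rendered
            # when neither option is set.
            {{- if .Values.hmac.createSecret }}
            - name: HMAC_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ include "freeleaps-secret-operator.fullname" . }}-config
                  key: HMAC_SECRET_KEY
            {{- else if .Values.hmac.existingSecret }}
            - name: HMAC_SECRET_KEY
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.hmac.existingSecret | quote }}
                  key: HMAC_SECRET_KEY
            {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}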