mirror of https://github.com/openkruise/charts.git
259 lines
7.3 KiB
YAML
259 lines
7.3 KiB
YAML
{{- if .Values.installation.createNamespace }}
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
labels:
|
|
control-plane: openkruise
|
|
name: {{ .Values.installation.namespace }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: kruise-daemon-config
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: kruise-webhook-service
|
|
namespace: {{ .Values.installation.namespace }}
|
|
spec:
|
|
{{ ( include "webhookServiceSpec" . ) | indent 2 }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: kruise-webhook-certs
|
|
namespace: {{ .Values.installation.namespace }}
|
|
{{ ( include "webhookSecretData" . ) }}
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: kruise-controller-manager
|
|
namespace: {{ .Values.installation.namespace }}
|
|
spec:
|
|
replicas: {{ .Values.manager.replicas }}
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
minReadySeconds: 3
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 0
|
|
maxSurge: 100%
|
|
template:
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- args:
|
|
- --enable-leader-election
|
|
- --metrics-addr=:{{ .Values.manager.metrics.port }}
|
|
- --health-probe-addr=:{{ .Values.manager.healthProbe.port }}
|
|
- --logtostderr=true
|
|
- --leader-election-namespace={{ .Values.installation.namespace }}
|
|
- --v={{ .Values.manager.log.level }}
|
|
- --feature-gates={{ .Values.featureGates }}
|
|
- --sync-period={{ .Values.manager.resyncPeriod }}
|
|
command:
|
|
- /manager
|
|
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
add: [ 'NET_BIND_SERVICE' ]
|
|
allowPrivilegeEscalation: false
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
name: manager
|
|
env:
|
|
{{- if .Values.enableKubeCacheMutationDetector }}
|
|
- name: KUBE_CACHE_MUTATION_DETECTOR
|
|
value: "true"
|
|
{{- end }}
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
- name: WEBHOOK_PORT
|
|
value: "{{ .Values.manager.webhook.port }}"
|
|
- name: WEBHOOK_CONFIGURATION_FAILURE_POLICY_PODS
|
|
value: {{ .Values.webhookConfiguration.failurePolicy.pods }}
|
|
ports:
|
|
- containerPort: {{ .Values.manager.webhook.port }}
|
|
name: webhook-server
|
|
protocol: TCP
|
|
- containerPort: {{ .Values.manager.metrics.port }}
|
|
name: metrics
|
|
protocol: TCP
|
|
- containerPort: {{ .Values.manager.healthProbe.port }}
|
|
name: health
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: readyz
|
|
port: {{ .Values.manager.healthProbe.port }}
|
|
resources:
|
|
{{- toYaml .Values.manager.resources | nindent 12 }}
|
|
hostNetwork: {{ .Values.manager.hostNetwork }}
|
|
terminationGracePeriodSeconds: 10
|
|
serviceAccountName: kruise-manager
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- podAffinityTerm:
|
|
labelSelector:
|
|
matchExpressions:
|
|
- key: control-plane
|
|
operator: In
|
|
values:
|
|
- controller-manager
|
|
topologyKey: kubernetes.io/hostname
|
|
weight: 100
|
|
{{- with .Values.manager.nodeAffinity }}
|
|
nodeAffinity:
|
|
{{ toYaml . | indent 10 }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.manager.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml .Values.manager.nodeSelector | indent 8 }}
|
|
{{- end }}
|
|
|
|
{{- if .Values.manager.tolerations }}
|
|
tolerations:
|
|
{{ toYaml .Values.manager.tolerations | indent 8 }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kruise-manager
|
|
{{- if .Values.serviceAccount.annotations }}
|
|
annotations:
|
|
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
|
{{- end }}
|
|
namespace: {{ .Values.installation.namespace }}
|
|
{{ ( include "serviceAccountManager" . ) }}
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kruise-daemon
|
|
{{- if .Values.serviceAccount.annotations }}
|
|
annotations:
|
|
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
|
|
{{- end }}
|
|
namespace: {{ .Values.installation.namespace }}
|
|
{{ ( include "serviceAccountDaemon" . ) }}
|
|
---
|
|
{{ if contains "KruiseDaemon=false" .Values.featureGates }}{{ else }}
|
|
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: kruise-daemon
|
|
namespace: {{ .Values.installation.namespace }}
|
|
labels:
|
|
control-plane: daemon
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
control-plane: daemon
|
|
minReadySeconds: 3
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 10%
|
|
template:
|
|
metadata:
|
|
labels:
|
|
control-plane: daemon
|
|
spec:
|
|
{{- with .Values.imagePullSecrets }}
|
|
imagePullSecrets:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.daemon.affinity }}
|
|
affinity:
|
|
{{ toYaml .Values.daemon.affinity | indent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.daemon.nodeSelector }}
|
|
nodeSelector:
|
|
{{ toYaml .Values.daemon.nodeSelector | indent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- command:
|
|
- /kruise-daemon
|
|
args:
|
|
- --logtostderr=true
|
|
- --v=4
|
|
- --addr=:{{ .Values.daemon.port }}
|
|
- --feature-gates={{ .Values.featureGates }}
|
|
- --socket-file={{ .Values.daemon.socketFile }}
|
|
{{- if not .Values.daemon.enablePprof }}
|
|
- --enable-pprof=false
|
|
{{- else }}
|
|
- --enable-pprof=true
|
|
- --pprof-addr={{ .Values.daemon.pprofAddr }}
|
|
{{- end }}
|
|
image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
|
|
imagePullPolicy: Always
|
|
securityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
add: [ 'NET_BIND_SERVICE' ]
|
|
allowPrivilegeEscalation: false
|
|
name: daemon
|
|
env:
|
|
{{- if .Values.enableKubeCacheMutationDetector }}
|
|
- name: KUBE_CACHE_MUTATION_DETECTOR
|
|
value: "true"
|
|
{{- end }}
|
|
- name: NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
apiVersion: v1
|
|
fieldPath: spec.nodeName
|
|
{{- if .Values.daemon.extraEnvs }}
|
|
{{- toYaml .Values.daemon.extraEnvs | nindent 8 }}
|
|
{{- end }}
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
httpGet:
|
|
path: /healthz
|
|
port: {{ .Values.daemon.port }}
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
resources:
|
|
{{- toYaml .Values.daemon.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- mountPath: /hostvarrun
|
|
name: runtime-socket
|
|
readOnly: true
|
|
tolerations:
|
|
- operator: Exists
|
|
hostNetwork: true
|
|
terminationGracePeriodSeconds: 10
|
|
serviceAccountName: kruise-daemon
|
|
volumes:
|
|
- hostPath:
|
|
path: {{ .Values.daemon.socketLocation }}
|
|
type: ""
|
|
name: runtime-socket
|
|
{{- end }}
|