apiVersion: apps/v1 kind: Deployment metadata: labels: {{- include "keycloak-operator.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} name: {{ .Values.name }} spec: replicas: 1 selector: matchLabels: name: {{ .Values.name }} template: metadata: labels: name: {{ .Values.name }} spec: serviceAccountName: edp-{{ .Values.name }} securityContext: runAsNonRoot: true {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Values.name }} # Replace this with the built image name image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} imagePullPolicy: "{{ .Values.imagePullPolicy }}" command: - /manager securityContext: allowPrivilegeEscalation: false env: - name: WATCH_NAMESPACE {{- if .Values.clusterReconciliationEnabled }} value: "" {{- else }} valueFrom: fieldRef: fieldPath: metadata.namespace {{- end }} - name: OPERATOR_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name {{- if .Values.extraVolumeMounts }} volumeMounts: {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} {{- end }} livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.extraVolumes }} volumes: {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}