helm-chart/flink-operator/templates/flink-operator.yaml (101 lines of code) (raw):
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
name: flink-operator-controller-manager-metrics-service
namespace: {{ .Values.flinkOperatorNamespace.name }}
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
name: flink-operator-webhook-service
namespace: {{ .Values.flinkOperatorNamespace.name }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: flink-operator
control-plane: controller-manager
name: flink-operator-controller-manager
namespace: {{ .Values.flinkOperatorNamespace.name }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: flink-operator
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: flink-operator
labels:
app: flink-operator
control-plane: controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=0
image: {{ .Values.rbacProxyImage.name }}
imagePullPolicy: {{ .Values.rbacProxyImage.pullPolicy }}
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- --enable-leader-election
- --zap-devel=false
- --watch-namespace={{ .Values.watchNamespace.name }}
command:
- /flink-operator
image: {{ .Values.operatorImage.name }}
imagePullPolicy: {{ .Values.operatorImage.pullPolicy }}
name: flink-operator
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
resources:
limits:
cpu: {{ .Values.resources.limits.cpu }}
memory: {{ .Values.resources.limits.memory }}
requests:
cpu: {{ .Values.resources.requests.cpu }}
memory: {{ .Values.resources.requests.memory }}
securityContext:
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
securityContext:
runAsNonRoot: false
serviceAccountName: {{ template "flink-operator.serviceAccountName" . }}
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert