apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "actions-runner-controller.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "actions-runner-controller.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }} template: metadata: {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "actions-runner-controller.selectorLabels" . | nindent 8 }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "actions-runner-controller.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} {{- with .Values.priorityClassName }} priorityClassName: "{{ . }}" {{- end }} containers: - args: - "--metrics-addr=127.0.0.1:8080" - "--enable-leader-election" - "--sync-period={{ .Values.syncPeriod }}" - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}" {{- if .Values.scope.singleNamespace }} - "--watch-namespace={{ default .Release.Namespace .Values.scope.watchNamespace }}" {{- end }} command: - "/manager" env: - name: GITHUB_TOKEN valueFrom: secretKeyRef: key: github_token name: {{ include "actions-runner-controller.secretName" . }} optional: true - name: GITHUB_APP_ID valueFrom: secretKeyRef: key: github_app_id name: {{ include "actions-runner-controller.secretName" . }} optional: true - name: GITHUB_APP_INSTALLATION_ID valueFrom: secretKeyRef: key: github_app_installation_id name: {{ include "actions-runner-controller.secretName" . }} optional: true - name: GITHUB_APP_PRIVATE_KEY value: /etc/actions-runner-controller/github_app_private_key {{- range $key, $val := .Values.env }} - name: {{ $key }} value: {{ $val | quote }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" name: manager imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 9443 name: webhook-server protocol: TCP resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - mountPath: "/etc/actions-runner-controller" name: secret readOnly: true - mountPath: /tmp name: tmp - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true - args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - "--v=10" image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}" name: kube-rbac-proxy imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - containerPort: 8443 name: https resources: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} terminationGracePeriodSeconds: 10 volumes: - name: secret secret: secretName: {{ include "actions-runner-controller.secretName" . }} - name: cert secret: defaultMode: 420 secretName: webhook-server-cert - name: tmp emptyDir: {} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}