apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ks-controller-manager
    tier: backend
    version: {{ .Chart.AppVersion }}
  name: ks-controller-manager
  namespace: kubesphere-system
spec:
  strategy:
    rollingUpdate:
      maxSurge: 0
    type: RollingUpdate
  progressDeadlineSeconds: 600
  replicas: {{ .Values.replicaCount }}
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: ks-controller-manager
      tier: backend
      # version: {{ .Chart.AppVersion }}
  template:
    metadata:
      labels:
        app: ks-controller-manager
        tier: backend
        # version: {{ .Chart.AppVersion }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - command:
        - controller-manager
        - --logtostderr=true
        - --leader-elect=true
        image: {{ .Values.image.ks_controller_manager_repo }}:{{ .Values.image.ks_controller_manager_tag | default .Chart.AppVersion }}
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: ks-controller-manager
        ports:
        - containerPort: 8080
          protocol: TCP
        - containerPort: 8443
          protocol: TCP
        resources:
          {{- toYaml .Values.controllerManagerResources | nindent 12 }}
        volumeMounts:
        - mountPath: /etc/kubesphere/
          name: kubesphere-config
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: webhook-secret
        - mountPath: /var/lib/kubelet/plugins/
          name: kubelet-plugin
        - mountPath: /etc/localtime
          name: host-time
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: kubesphere-config
          configMap:
            name: kubesphere-config
            defaultMode: 420
        - name: webhook-secret
          secret:
            defaultMode: 420
            secretName: ks-controller-manager-webhook-cert
        - name: kubelet-plugin
          hostPath:
            path: /var/lib/kubelet/plugins/
            type: DirectoryOrCreate
        - hostPath:
            path: /etc/localtime
            type: ""
          name: host-time
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            preference:
              matchExpressions:
              - key: node-role.kubernetes.io/master
                operator: In
                values:
                - ""
{{- if gt .Values.replicaCount 1.0 }}
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - ks-controller-manager
            namespaces:
            - kubesphere-system
{{- end }}

---

apiVersion: v1
kind: Service
metadata:
  labels:
    app: ks-controller-manager
    tier: backend
    version: {{ .Chart.AppVersion }}
  name: ks-controller-manager
  namespace: kubesphere-system
spec:
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    app: ks-controller-manager
    tier: backend
    # version: {{ .Chart.AppVersion }}
  sessionAffinity: None
  type: ClusterIP