{{- if .Values.worker.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "shoal.fullname" . }}-worker labels: {{- include "shoal.labels" . | nindent 4 }} app.kubernetes.io/component: worker spec: replicas: {{ .Values.worker.replicas }} selector: matchLabels: {{- include "shoal.selectorLabels" . | nindent 6 }} app.kubernetes.io/component: worker template: metadata: labels: {{- include "shoal.selectorLabels" . | nindent 8 }} app.kubernetes.io/component: worker annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- with .Values.worker.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "shoal.serviceAccountName" . }} securityContext: runAsNonRoot: true runAsUser: 10001 fsGroup: 10001 containers: - name: worker image: {{ include "shoal.image" . | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["shoal-worker"] envFrom: - configMapRef: name: {{ include "shoal.fullname" . }}-config - secretRef: name: {{ include "shoal.secretName" . }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: cache mountPath: {{ .Values.config.cache.dir }} securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: ["ALL"] volumes: - name: cache emptyDir: sizeLimit: {{ .Values.worker.cacheVolume.sizeLimit }} {{- with .Values.worker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.worker.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.worker.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}