---
# Source: cloudnative-pg/charts/cloudnative-pg/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cloudnative-pg
  namespace: cloudnative-pg
  labels:
    helm.sh/chart: cloudnative-pg-0.26.1
    app.kubernetes.io/name: cloudnative-pg
    app.kubernetes.io/instance: cloudnative-pg
    app.kubernetes.io/version: "1.27.1"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: cloudnative-pg
      app.kubernetes.io/instance: cloudnative-pg
  template:
    metadata:
      annotations:
        checksum/rbac: ecc7ac52a42c48513234accf4bd785afb5889e77f0672f57c00b875960e3497a
        checksum/config: c9268d2e1b50fbad8b125b152e51e44e51e393aef15b37b31b8ef35e60c039ec
        checksum/monitoring-config: 5b7dc0c42a24b297d6f659777324c4105b8ce5e022ee55e973a2f3697f4e7702
      labels:
        app.kubernetes.io/name: cloudnative-pg
        app.kubernetes.io/instance: cloudnative-pg
    spec:
      containers:
        - args:
            - controller
            - --leader-elect
            - --max-concurrent-reconciles=10
            - --config-map-name=cnpg-controller-manager-config
            - --webhook-port=9443
          command:
            - /manager
          env:
            - name: OPERATOR_IMAGE_NAME
              value: "ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1"
            - name: OPERATOR_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: MONITORING_QUERIES_CONFIGMAP
              value: "cnpg-default-monitoring"
          image: "ghcr.io/cloudnative-pg/cloudnative-pg:1.27.1"
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /readyz
              port: 9443
              scheme: HTTPS
            initialDelaySeconds: 3
          name: manager
          ports:
            - containerPort: 8080
              name: metrics
              protocol: TCP
            - containerPort: 9443
              name: webhook-server
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /readyz
              port: 9443
              scheme: HTTPS
            initialDelaySeconds: 3
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            runAsGroup: 10001
            runAsUser: 10001
            seccompProfile:
              type: RuntimeDefault
          startupProbe:
            failureThreshold: 6
            httpGet:
              path: /readyz
              port: 9443
              scheme: HTTPS
            periodSeconds: 5
          volumeMounts:
            - mountPath: /controller
              name: scratch-data
            - mountPath: /run/secrets/cnpg.io/webhook
              name: webhook-certificates
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: cloudnative-pg
      terminationGracePeriodSeconds: 10
      volumes:
        - emptyDir: {}
          name: scratch-data
        - name: webhook-certificates
          secret:
            defaultMode: 420
            optional: true
            secretName: cnpg-webhook-cert