---
# Source: kube-prometheus-stack/charts/kube-prometheus-stack/templates/prometheus-operator/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-prometheus-stack-operator
  namespace: kube-prometheus-stack
  labels:
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/instance: kube-prometheus-stack
    app.kubernetes.io/version: "79.11.0"
    app.kubernetes.io/part-of: kube-prometheus-stack
    chart: kube-prometheus-stack-79.11.0
    release: "kube-prometheus-stack"
    heritage: "Helm"
    app: kube-prometheus-stack-operator
    app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator
    app.kubernetes.io/component: prometheus-operator
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: kube-prometheus-stack-operator
      release: "kube-prometheus-stack"
  template:
    metadata:
      labels:
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/instance: kube-prometheus-stack
        app.kubernetes.io/version: "79.11.0"
        app.kubernetes.io/part-of: kube-prometheus-stack
        chart: kube-prometheus-stack-79.11.0
        release: "kube-prometheus-stack"
        heritage: "Helm"
        app: kube-prometheus-stack-operator
        app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator
        app.kubernetes.io/component: prometheus-operator
    spec:
      containers:
        - name: kube-prometheus-stack
          image: "quay.io/prometheus-operator/prometheus-operator:v0.86.2"
          imagePullPolicy: "IfNotPresent"
          args:
            - --kubelet-service=kube-system/kube-prometheus-stack-kubelet
            - --kubelet-endpoints=true
            - --kubelet-endpointslice=false
            - --localhost=127.0.0.1
            - --prometheus-config-reloader=quay.io/prometheus-operator/prometheus-config-reloader:v0.86.2
            - --config-reloader-cpu-request=0
            - --config-reloader-cpu-limit=0
            - --config-reloader-memory-request=0
            - --config-reloader-memory-limit=0
            - --thanos-default-base-image=quay.io/thanos/thanos:v0.40.1
            - --secret-field-selector=type!=kubernetes.io/dockercfg,type!=kubernetes.io/service-account-token,type!=helm.sh/release.v1
            - --web.enable-tls=true
            - --web.cert-file=/cert/cert
            - --web.key-file=/cert/key
            - --web.listen-address=:10250
            - --web.tls-min-version=VersionTLS13
          ports:
            - containerPort: 10250
              name: https
          env:
            - name: GOGC
              value: "30"
          resources: {}
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: tls-secret
              mountPath: /cert
              readOnly: true
          readinessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
            initialDelaySeconds: 0
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /healthz
              port: https
              scheme: HTTPS
            initialDelaySeconds: 0
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
      volumes:
        - name: tls-secret
          secret:
            defaultMode: 420
            secretName: kube-prometheus-stack-admission
      securityContext:
        fsGroup: 65534
        runAsGroup: 65534
        runAsNonRoot: true
        runAsUser: 65534
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: kube-prometheus-stack-operator
      automountServiceAccountToken: true
      terminationGracePeriodSeconds: 30