apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/name: kube-state-metrics
    app.kubernetes.io/version: v1.9.7
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
  name: kube-state-metrics
  namespace: {{ .Release.Namespace }}
spec:
  replicas: {{ .Values.monitors.kubeStateMetrics.replicas }}
  selector:
    matchLabels:
      app.kubernetes.io/name: kube-state-metrics
  template:
    metadata:
      labels:
        app.kubernetes.io/name: kube-state-metrics
        app.kubernetes.io/version: v1.9.7
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/managed-by: {{ .Release.Service }}
    spec:
      containers:
      - args:
              - --host=127.0.0.1
              - --port=8081
              - --telemetry-host=127.0.0.1
              - --telemetry-port=8082
        image: {{ .Values.monitors.kubeStateMetrics.repo }}{{"/"}}{{ .Values.monitors.kubeStateMetrics.image }}:{{.Values.monitors.kubeStateMetrics.version }}
        name: kube-state-metrics
        resources:
{{ toYaml .Values.monitors.kubeStateMetrics.resources | indent 10 }}
      - args:
          - --logtostderr
          - --secure-listen-address=:8443
          - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
          - --upstream=http://127.0.0.1:8081/
        image: {{ .Values.monitors.kubeRBACProxy.repo }}{{"/"}}{{ .Values.monitors.kubeRBACProxy.image }}:{{ .Values.monitors.kubeRBACProxy.version }}
        name: kube-rbac-proxy-main
        resources:
{{ toYaml .Values.monitors.kubeRBACProxy.resources | indent 10 }}
        ports:
        - containerPort: 8443
          name: https-main
        securityContext:
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
      - args:
        - --logtostderr
        - --secure-listen-address=:9443
        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - --upstream=http://127.0.0.1:8082/
        image: {{ .Values.monitors.kubeRBACProxy.repo }}{{"/"}}{{ .Values.monitors.kubeRBACProxy.image }}:{{ .Values.monitors.kubeRBACProxy.version }}
        name: kube-rbac-proxy-self
        resources:
{{ toYaml .Values.monitors.kubeRBACProxy.resources | indent 10 }}
        ports:
        - containerPort: 9443
          name: https-self
        securityContext:
          runAsGroup: 65532
          runAsNonRoot: true
          runAsUser: 65532
      {{- with .Values.monitors.kubeStateMetrics.nodeSelector }}
      nodeSelector:
      {{ toYaml . | indent 2 }}
      {{- end }}
      serviceAccountName: kube-state-metrics