# Copyright 2019 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: tekton-triggers-controller
  namespace: tekton-pipelines
  labels:
    app.kubernetes.io/name: controller
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: default
    app.kubernetes.io/version: "v0.26.1"
    app.kubernetes.io/part-of: tekton-triggers
    # tekton.dev/release value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
    triggers.tekton.dev/release: "v0.26.1"
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: controller
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: default
      app.kubernetes.io/part-of: tekton-triggers
  template:
    metadata:
      labels:
        app.kubernetes.io/name: controller
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: default
        app.kubernetes.io/version: "v0.26.1"
        app.kubernetes.io/part-of: tekton-triggers
        app: tekton-triggers-controller
        triggers.tekton.dev/release: "v0.26.1"
        # version value replaced with inputs.params.versionTag in triggers/tekton/publish.yaml
        version: "v0.26.1"
    spec:
      serviceAccountName: tekton-triggers-controller
      containers:
        - name: tekton-triggers-controller
          image: "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/controller:v0.26.1@sha256:276c6167a2a9b2822d268ad7e84517ee45c92ccd978546db17ff2a3763721f7e"
          args: ["-logtostderr", "-stderrthreshold", "INFO", "-el-image", "gcr.io/tekton-releases/github.com/tektoncd/triggers/cmd/eventlistenersink:v0.26.1@sha256:6cf43395114325531c17aa3722da7c14ffcd50f2b829c6c18c6605dfb74208a0", "-el-port", "8080", "-el-security-context=true", "-el-events", "disable", "-el-readtimeout", "5", "-el-writetimeout", "40", "-el-idletimeout", "120", "-el-timeouthandler", "30", "-el-httpclient-readtimeout", "30", "-el-httpclient-keep-alive", "30", "-el-httpclient-tlshandshaketimeout", "10", "-el-httpclient-responseheadertimeout", "10", "-el-httpclient-expectcontinuetimeout", "1", "-period-seconds", "10", "-failure-threshold", "3"]
          env:
            - name: SYSTEM_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: CONFIG_LOGGING_NAME
              value: config-logging-triggers
            - name: CONFIG_OBSERVABILITY_NAME
              value: config-observability-triggers
            - name: CONFIG_DEFAULTS_NAME
              value: config-defaults-triggers
            - name: METRICS_DOMAIN
              value: tekton.dev/triggers
            - name: METRICS_PROMETHEUS_PORT
              value: "9000"
            - name: CONFIG_LEADERELECTION_NAME
              value: config-leader-election-triggers-controllers
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
            # User 65532 is the distroless nonroot user ID
            runAsUser: 65532
            runAsGroup: 65532
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault