github.com/SamarSidharth/kpt@v0.0.0-20231122062228-c7d747ae3ace/package-examples/cert-manager-basic/webhook/deployment-cert-manager-webhook.yaml

github.com/SamarSidharth/kpt@v0.0.0-20231122062228-c7d747ae3ace/package-examples/cert-manager-basic/webhook/deployment-cert-manager-webhook.yaml (about)

     1  # Source: cert-manager/templates/webhook-deployment.yaml
     2  apiVersion: apps/v1
     3  kind: Deployment
     4  metadata:
     5    name: cert-manager-webhook
     6    namespace: "cert-manager"
     7    labels:
     8      app: webhook
     9      app.kubernetes.io/name: webhook
    10      app.kubernetes.io/instance: cert-manager
    11      app.kubernetes.io/component: "webhook"
    12      app.kubernetes.io/version: "v1.8.2"
    13  spec:
    14    replicas: 1
    15    selector:
    16      matchLabels:
    17        app.kubernetes.io/name: webhook
    18        app.kubernetes.io/instance: cert-manager
    19        app.kubernetes.io/component: "webhook"
    20    template:
    21      metadata:
    22        labels:
    23          app: webhook
    24          app.kubernetes.io/name: webhook
    25          app.kubernetes.io/instance: cert-manager
    26          app.kubernetes.io/component: "webhook"
    27          app.kubernetes.io/version: "v1.8.2"
    28      spec:
    29        serviceAccountName: cert-manager-webhook
    30        securityContext:
    31          runAsNonRoot: true
    32        containers:
    33          - name: cert-manager
    34            image: "quay.io/jetstack/cert-manager-webhook:v1.8.2"
    35            imagePullPolicy: IfNotPresent
    36            args:
    37            - --v=2
    38            - --secure-port=10250
    39            - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
    40            - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
    41            - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
    42            ports:
    43            - name: https
    44              protocol: TCP
    45              containerPort: 10250
    46            livenessProbe:
    47              httpGet:
    48                path: /livez
    49                port: 6080
    50                scheme: HTTP
    51              initialDelaySeconds: 60
    52              periodSeconds: 10
    53              timeoutSeconds: 1
    54              successThreshold: 1
    55              failureThreshold: 3
    56            readinessProbe:
    57              httpGet:
    58                path: /healthz
    59                port: 6080
    60                scheme: HTTP
    61              initialDelaySeconds: 5
    62              periodSeconds: 5
    63              timeoutSeconds: 1
    64              successThreshold: 1
    65              failureThreshold: 3
    66            securityContext:
    67              allowPrivilegeEscalation: false
    68            env:
    69            - name: POD_NAMESPACE
    70              valueFrom:
    71                fieldRef:
    72                  fieldPath: metadata.namespace
    73        nodeSelector:
    74          kubernetes.io/os: linux
    75