github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/operator-webhook/server.yaml (about)

     1  ---
        # Go-template manifest for the operator-webhook DaemonSet. Each pod runs one
        # webhook-server container that listens on port 6443 and reads its TLS key
        # and certificate from a Secret mounted at /etc/tls. Template fields such as
        # .Namespace are substituted as plain text before the result is parsed as
        # YAML, so unquoted fields are subject to YAML implicit typing.
     2  apiVersion: apps/v1
     3  kind: DaemonSet
     4  metadata:
     5    name: operator-webhook
          # NOTE(review): .Namespace is inserted unquoted; an empty value would
          # render as YAML null. Quoting it would match .ReleaseVersion below.
     6    namespace: {{.Namespace}}
     7    labels:
     8      app: operator-webhook
     9    annotations:
    10      kubernetes.io/description: |
    11        This deployment launches the sriov network operator admission control webhook component.
    12      release.openshift.io/version: "{{.ReleaseVersion}}"
    13  spec:
    14    selector:
    15      matchLabels:
    16        app: operator-webhook
    17    updateStrategy:
    18      type: RollingUpdate
    19      rollingUpdate:
              # At most 33% of the pods may be unavailable at once during a rollout.
    20        maxUnavailable: 33%
    21    template:
    22      metadata:
    23        labels:
    24          app: operator-webhook
    25      spec:
              # Pod-level guard: the kubelet refuses to start a container whose
              # image would run as UID 0.
    26        securityContext:
    27          runAsNonRoot: true
              # The RBAC bound to this service account is defined outside this file.
              # NOTE(review): confirm it grants only what the webhook needs.
    28        serviceAccountName: operator-webhook-sa
              # Built-in Kubernetes priority class for cluster-critical pods.
    29        priorityClassName: "system-cluster-critical"
    30        nodeSelector:
    31          kubernetes.io/os: linux
    32        affinity:
                # Unless .ExternalControlPlane is set, require a node that carries
                # either the "master" or the "control-plane" role label
                # (nodeSelectorTerms are ORed). The two terms indent their nested
                # list differently; both forms parse to the same structure.
    33          {{ if not .ExternalControlPlane }}
    34          nodeAffinity:
    35            requiredDuringSchedulingIgnoredDuringExecution:
    36              nodeSelectorTerms:
    37              - matchExpressions:
    38                - key: node-role.kubernetes.io/master
    39                  operator: Exists
    40              - matchExpressions:
    41                  - key: node-role.kubernetes.io/control-plane
    42                    operator: Exists
    43          {{ end }}
    44        tolerations:
              # Unless .ExternalControlPlane is set, tolerate the NoSchedule taints
              # of control-plane nodes and of nodes that are not ready, so the
              # webhook can still be placed there. With an external control plane
              # the list is empty and this key renders as null.
    45        {{ if not .ExternalControlPlane }}
    46        - key: "node-role.kubernetes.io/master"
    47          operator: Exists
    48          effect: NoSchedule
    49        - key: "node-role.kubernetes.io/control-plane"
    50          operator: Exists
    51          effect: NoSchedule
    52        - key: "node.kubernetes.io/not-ready"
    53          operator: Exists
    54          effect: NoSchedule
    55        {{ end }}
              # Optional pull secrets, one list entry per name in .ImagePullSecrets.
              # NOTE(review): each name is inserted unquoted; quote it if a name
              # could be empty or look like a number or boolean.
    56        {{- if .ImagePullSecrets }}
    57        imagePullSecrets:
    58        {{- range .ImagePullSecrets }}
    59        - name: {{ . }}
    60        {{- end }}
    61        {{- end }}
    62        containers:
    63        - name: webhook-server
                # NOTE(review): the image reference is inserted unquoted, and this
                # file does not show whether the caller passes a tag or a digest.
                # A digest-pinned reference makes the deployed binary verifiable.
    64          image: {{.SriovNetworkWebhookImage}}
    65          command:
    66          - webhook
    67          args:
    68          - "start"
                # Port 6443 is above 1024, so a non-root process can bind it
                # without any added capability.
    69          - "--port=6443"
                # Key and certificate are read from the "tls" volume mounted below.
    70          - "--tls-private-key-file=/etc/tls/tls.key"
    71          - "--tls-cert-file=/etc/tls/tls.crt"
    72          - "--alsologtostderr=true"
    73          - "--v=3"
    74          env:
                # Downward API: exposes the pod's own namespace to the process.
    75          - name: NAMESPACE
    76            valueFrom:
    77              fieldRef:
    78                fieldPath: metadata.namespace
                # NOTE(review): what DEV_MODE changes inside the webhook is not
                # visible in this manifest; confirm the value used for production
                # installs and which checks it affects.
    79          - name: DEV_MODE
    80            value: "{{.DevMode}}"
                # Read-only root filesystem, and no privilege gain through setuid
                # binaries or file capabilities.
                # NOTE(review): capabilities.drop and seccompProfile are not set.
                # The Pod Security "restricted" profile additionally expects
                # capabilities.drop: ["ALL"] and seccompProfile.type RuntimeDefault
                # or Localhost; confirm platform compatibility before adding them.
    81          securityContext:
    82            readOnlyRootFilesystem: true
    83            allowPrivilegeEscalation: false
                # Requests only. NOTE(review): no limits are set, so this manifest
                # places no upper bound on the container's CPU or memory use.
    84          resources:
    85            requests:
    86              cpu: 10m
    87              memory: 50Mi
    88          volumeMounts:
    89          - mountPath: /etc/tls
    90            name: tls
    91        volumes:
              # Secret expected to hold tls.key and tls.crt (file names taken from
              # the args above).
              # NOTE(review): secretName is inserted unquoted. No defaultMode is
              # set, so the Kubernetes default file mode (0644) applies to the
              # private key; any tighter mode must stay readable by the non-root
              # user the container runs as.
    92        - name: tls
    93          secret:
    94            secretName: {{.OperatorWebhookSecretName}}