github.com/k8snetworkplumbingwg/sriov-network-operator@v1.2.1-0.20240408194816-2d2e5a45d453/bindata/manifests/webhook/server.yaml (about)

     1  ---
        # DaemonSet template for the network-resources-injector webhook server.
        # The double-brace actions are Go-template placeholders; the file must be
        # rendered before the result is parsed as YAML.
     2  apiVersion: apps/v1
     3  kind: DaemonSet
     4  metadata:
     5    labels:
     6      app: network-resources-injector
     7    name: network-resources-injector
     8    namespace: {{.Namespace}}
     9    annotations:
    10      kubernetes.io/description: |
    11        This daemon set launches the network resource injector component on master or worker nodes.
    12      release.openshift.io/version: "{{.ReleaseVersion}}"
    13  spec:
    14    selector:
    15      matchLabels:
    16        app: network-resources-injector
    17    updateStrategy:
    18      type: RollingUpdate
    19      rollingUpdate:
              # At most a third of the pods may be down at once during a rollout.
    20        maxUnavailable: 33%
    21    template:
    22      metadata:
    23        labels:
    24          app: network-resources-injector
    25          component: network
    26          type: infra
    27          openshift.io/component: network
    28      spec:
              # Pod-level guard: the kubelet refuses to start a container that
              # would run as UID 0.
    29        securityContext:
    30          runAsNonRoot: true
    31        serviceAccountName: network-resources-injector-sa
    32        priorityClassName: "system-cluster-critical"
    33        nodeSelector:
    34          kubernetes.io/os: linux
              # When .ExternalControlPlane is false the pod is pinned to nodes
              # carrying either the master or the control-plane role label (the
              # two nodeSelectorTerms are ORed). When it is true, nothing is
              # rendered under affinity, leaving the key with an empty value.
    35        affinity:
    36          {{ if not .ExternalControlPlane }}
    37          nodeAffinity:
    38            requiredDuringSchedulingIgnoredDuringExecution:
    39              nodeSelectorTerms:
    40              - matchExpressions:
    41                - key: node-role.kubernetes.io/master
    42                  operator: Exists
    43              - matchExpressions:
    44                  - key: node-role.kubernetes.io/control-plane
    45                    operator: Exists
    46          {{ end }}
              # The tolerations below are rendered under the same condition as
              # the node affinity above; they let the pod land on tainted
              # control-plane nodes and on nodes that are not yet ready.
    47        tolerations:
    48        {{ if not .ExternalControlPlane }}
    49        - key: "node-role.kubernetes.io/master"
    50          operator: Exists
    51          effect: NoSchedule
    52        - key: "node-role.kubernetes.io/control-plane"
    53          operator: Exists
    54          effect: NoSchedule
    55        - key: "node.kubernetes.io/not-ready"
    56          operator: Exists
    57          effect: NoSchedule
    58        {{ end }}
              # Optional pull secrets: one list entry per element of
              # .ImagePullSecrets. Each name is rendered unquoted, so a value
              # that looks like a number or boolean would be retyped by the
              # YAML parser.
    59        {{- if .ImagePullSecrets }}
    60        imagePullSecrets:
    61        {{- range .ImagePullSecrets }}
    62        - name: {{ . }}
    63        {{- end }}
    64        {{- end }}
    65        containers:
    66        - name: webhook-server
    67          image: {{.NetworkResourcesInjectorImage}}
    68          command:
    69          - webhook
                # Listens on every interface on port 6443 and serves TLS with the
                # key pair mounted at /etc/tls (see the "tls" volume below).
                # NOTE(review): -insecure=true -- in the upstream injector this
                # flag appears to turn off client-certificate verification on
                # the TLS listener (confirm against the image in use). If so,
                # the server does not authenticate its callers, and with
                # -bind-address=0.0.0.0 any workload that can route to the pod
                # on 6443 can reach the endpoint. Restrict ingress to the API
                # server (e.g. with a NetworkPolicy) or configure a client CA.
    70          args:
    71          - -bind-address=0.0.0.0
    72          - -port=6443
    73          - -tls-private-key-file=/etc/tls/tls.key
    74          - -tls-cert-file=/etc/tls/tls.crt
    75          - -insecure=true
    76          - -logtostderr=true
    77          - -alsologtostderr=true
    78          env:
                # Downward API: exposes the pod's own namespace to the process.
    79          - name: NAMESPACE
    80            valueFrom:
    81              fieldRef:
    82                fieldPath: metadata.namespace
                # Root filesystem is read-only and privilege escalation is blocked.
                # NOTE(review): no capabilities drop or seccompProfile is set in
                # this manifest; confirm they are enforced elsewhere (SCC / Pod
                # Security admission) or add them here.
    83          securityContext:
    84            readOnlyRootFilesystem: true
    85            allowPrivilegeEscalation: false
                # NOTE(review): only requests are declared; there are no limits,
                # so this manifest does not bound the container's CPU or memory
                # use. Confirm that is intentional for a cluster-critical pod.
    86          resources:
    87            requests:
    88              cpu: 10m
    89              memory: 50Mi
    90          volumeMounts:
    91          - mountPath: /etc/tls
    92            name: tls
    93        volumes:
              # The TLS serving key and certificate come from the Secret named by
              # .InjectorWebhookSecretName; anyone who can read that Secret can
              # impersonate the webhook, so keep RBAC on it tight.
    94        - name: tls
    95          secret:
    96            secretName: {{.InjectorWebhookSecretName}}