github.com/kubevela/workflow@v0.6.0/charts/vela-workflow/templates/admission-webhooks/job-patch/job-createSecret.yaml

github.com/kubevela/workflow@v0.6.0/charts/vela-workflow/templates/admission-webhooks/job-patch/job-createSecret.yaml (about)

     1  {{- if and .Values.admissionWebhooks.enabled .Values.admissionWebhooks.patch.enabled (not .Values.admissionWebhooks.certManager.enabled) }}
     2  apiVersion: batch/v1
     3  kind: Job
     4  metadata:
     5    name:  {{ template "kubevela.fullname" . }}-admission-create
     6    namespace: {{ .Release.Namespace }}
     7    annotations:
     8      "helm.sh/hook": pre-install,pre-upgrade
     9      "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    10    labels:
    11      app: {{ template "kubevela.name" . }}-admission-create
    12      {{- include "kubevela.labels" . | nindent 4 }}
    13  spec:
    14    {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
    15    # Alpha feature since k8s 1.12
    16    ttlSecondsAfterFinished: 0
    17    {{- end }}
    18    template:
    19      metadata:
    20        name:  {{ template "kubevela.fullname" . }}-admission-create
    21        labels:
    22          app: {{ template "kubevela.name" . }}-admission-create
    23          {{- include "kubevela.labels" . | nindent 8 }}
    24      spec:
    25        {{- with .Values.imagePullSecrets }}
    26        imagePullSecrets:
    27        {{- toYaml . | nindent 8 }}
    28        {{- end }}
    29        containers:
    30          - name: create
    31            image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }}
    32            imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }}
    33            args:
    34              - create
    35              - --host={{ template "kubevela.name" . }}-webhook,{{ template "kubevela.name" . }}-webhook.{{ .Release.Namespace }}.svc
    36              - --namespace={{ .Release.Namespace }}
    37              - --secret-name={{ template "kubevela.fullname" . }}-admission
    38              - --key-name=tls.key
    39              - --cert-name=tls.crt
    40        restartPolicy: OnFailure
    41        serviceAccountName: {{ template "kubevela.fullname" . }}-admission
    42        {{- with .Values.admissionWebhooks.patch.nodeSelector }}
    43        nodeSelector:
    44        {{- toYaml . | nindent 8 }}
    45        {{- end }}
    46        {{- with .Values.admissionWebhooks.patch.affinity }}
    47        affinity:
    48  {{ toYaml . | indent 8 }}
    49        {{- end }}
    50        {{- with .Values.admissionWebhooks.patch.tolerations }}
    51        tolerations:
    52  {{ toYaml . | indent 8 }}
    53        {{- end }}
    54        securityContext:
    55          runAsGroup: 2000
    56          runAsNonRoot: true
    57          runAsUser: 2000
    58  {{- end }}