github.com/replicatedcom/ship@v0.50.0/integration/init/istio-1.0.3/expected/.ship/upstream/charts/sidecarInjectorWebhook/templates/deployment.yaml (about)

     1  apiVersion: extensions/v1beta1
     2  kind: Deployment
     3  metadata:
     4    name: istio-sidecar-injector
     5    namespace: {{ .Release.Namespace }}
     6    labels:
     7      app: {{ template "sidecar-injector.name" . }}
     8      chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
     9      release: {{ .Release.Name }}
    10      heritage: {{ .Release.Service }}
    11      istio: sidecar-injector
    12  spec:
    13    replicas: {{ .Values.replicaCount }}
    14    template:
    15      metadata:
    16        labels:
    17          istio: sidecar-injector
    18        annotations:
    19          sidecar.istio.io/inject: "false"
    20          scheduler.alpha.kubernetes.io/critical-pod: ""
    21      spec:
    22        serviceAccountName: istio-sidecar-injector-service-account
    23   {{- if .Values.global.priorityClassName }}
    24        priorityClassName: "{{ .Values.global.priorityClassName }}"
    25  {{- end }}
    26        containers:
    27          - name: sidecar-injector-webhook
    28            image: "{{ .Values.global.hub }}/{{ .Values.image }}:{{ .Values.global.tag }}"
    29            imagePullPolicy: {{ .Values.global.imagePullPolicy }}
    30            args:
    31              - --caCertFile=/etc/istio/certs/root-cert.pem
    32              - --tlsCertFile=/etc/istio/certs/cert-chain.pem
    33              - --tlsKeyFile=/etc/istio/certs/key.pem
    34              - --injectConfig=/etc/istio/inject/config
    35              - --meshConfig=/etc/istio/config/mesh
    36              - --healthCheckInterval=2s
    37              - --healthCheckFile=/health
    38            volumeMounts:
    39            - name: config-volume
    40              mountPath: /etc/istio/config
    41              readOnly: true
    42            - name: certs
    43              mountPath: /etc/istio/certs
    44              readOnly: true
    45            - name: inject-config
    46              mountPath: /etc/istio/inject
    47              readOnly: true
    48            livenessProbe:
    49              exec:
    50                command:
    51                  - /usr/local/bin/sidecar-injector
    52                  - probe
    53                  - --probe-path=/health
    54                  - --interval=4s
    55              initialDelaySeconds: 4
    56              periodSeconds: 4
    57            readinessProbe:
    58              exec:
    59                command:
    60                  - /usr/local/bin/sidecar-injector
    61                  - probe
    62                  - --probe-path=/health
    63                  - --interval=4s
    64              initialDelaySeconds: 4
    65              periodSeconds: 4
    66            resources:
    67  {{- if .Values.resources }}
    68  {{ toYaml .Values.resources | indent 12 }}
    69  {{- else }}
    70  {{ toYaml .Values.global.defaultResources | indent 12 }}
    71  {{- end }}
    72        volumes:
    73        - name: config-volume
    74          configMap:
    75            name: istio
    76        - name: certs
    77          secret:
    78            secretName: istio.istio-sidecar-injector-service-account
    79        - name: inject-config
    80          configMap:
    81            name: istio-sidecar-injector
    82            items:
    83            - key: config
    84              path: config
    85        affinity:
    86        {{- include "nodeaffinity" . | indent 6 }}