github.com/verrazzano/verrazzano@v1.7.0/platform-operator/helm_config/charts/verrazzano-application-operator/templates/deployment.yaml (about) 1 # Copyright (c) 2020, 2023, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 --- 4 apiVersion: apps/v1 5 kind: Deployment 6 metadata: 7 name: {{ .Values.name }} 8 namespace: {{ .Values.namespace }} 9 labels: 10 app: {{ .Values.name }} 11 spec: 12 replicas: 1 13 selector: 14 matchLabels: 15 app: {{ .Values.name }} 16 template: 17 metadata: 18 labels: 19 app: {{ .Values.name }} 20 sidecar.istio.io/inject: "false" 21 spec: 22 initContainers: 23 - name: webhookswait 24 imagePullPolicy: {{ .Values.imagePullPolicy }} 25 image: {{ .Values.image }} 26 command: [ 'sh', '-c', "/usr/local/bin/wait4webhook.sh" ] 27 securityContext: 28 privileged: false 29 allowPrivilegeEscalation: false 30 capabilities: 31 drop: 32 - ALL 33 {{- if .Values.affinity }} 34 affinity: {{ toYaml .Values.affinity | nindent 8 }} 35 {{- end }} 36 containers: 37 - name: {{ .Values.name }} 38 image: {{ .Values.image }} 39 imagePullPolicy: {{ .Values.imagePullPolicy }} 40 ports: 41 - containerPort: 9443 42 name: https-webhook 43 protocol: TCP 44 - containerPort: 9100 45 name: http-metric 46 protocol: TCP 47 args: 48 - --zap-log-level={{ .Values.logLevel }} 49 resources: 50 requests: 51 memory: {{ .Values.requestMemory }} 52 volumeMounts: 53 - name: webhook-certs 54 mountPath: /etc/certs 55 env: 56 - name: DEFAULT_FLUENTD_IMAGE 57 value: {{ .Values.fluentdImage }} 58 - name: ISTIO_PROXY_IMAGE 59 value: {{ .Values.istioProxyImage }} 60 - name: WEBLOGIC_MONITORING_EXPORTER_IMAGE 61 value: {{ .Values.weblogicMonitoringExporterImage }} 62 securityContext: 63 privileged: false 64 allowPrivilegeEscalation: false 65 capabilities: 66 drop: 67 - ALL 68 volumes: 69 - name: webhook-certs 70 emptyDir: {} 71 serviceAccountName: {{ .Values.name }} 72 securityContext: 73 runAsUser: 1000 74 runAsGroup: 999 75 runAsNonRoot: true 76 seccompProfile: 77 type: RuntimeDefault 78 --- 79 apiVersion: apps/v1 80 kind: Deployment 81 metadata: 82 name: {{ .Values.name }}-webhook 83 namespace: {{ .Values.namespace }} 84 labels: 85 app: {{ .Values.name }}-webhook 86 spec: 87 replicas: {{ .Values.webhook.replicas }} 88 selector: 89 matchLabels: 90 app: {{ .Values.name }}-webhook 91 template: 92 metadata: 93 labels: 94 app: {{ .Values.name }}-webhook 95 sidecar.istio.io/inject: "false" 96 spec: 97 initContainers: 98 - name: initwebhooks 99 imagePullPolicy: {{ .Values.imagePullPolicy }} 100 image: {{ .Values.image }} 101 args: 102 - --zap-log-level=info 103 - --run-webhook-init 104 - --cert-dir=/etc/certs 105 resources: 106 requests: 107 memory: {{ .Values.requestMemory }} 108 volumeMounts: 109 - name: webhook-certs 110 mountPath: /etc/certs 111 securityContext: 112 privileged: false 113 allowPrivilegeEscalation: false 114 capabilities: 115 drop: 116 - ALL 117 containers: 118 - name: {{ .Values.name }}-webhook 119 image: {{ .Values.image }} 120 imagePullPolicy: {{ .Values.imagePullPolicy }} 121 ports: 122 - containerPort: 9443 123 name: https-webhook 124 protocol: TCP 125 - containerPort: 9100 126 name: http-metric 127 protocol: TCP 128 args: 129 - --zap-log-level={{ .Values.logLevel }} 130 - --run-webhooks 131 - --metrics-addr=:9100 132 resources: 133 requests: 134 memory: {{ .Values.requestMemory }} 135 volumeMounts: 136 - name: webhook-certs 137 mountPath: /etc/certs 138 env: 139 - name: DEFAULT_FLUENTD_IMAGE 140 value: {{ .Values.fluentdImage }} 141 - name: ISTIO_PROXY_IMAGE 142 value: {{ .Values.istioProxyImage }} 143 - name: WEBLOGIC_MONITORING_EXPORTER_IMAGE 144 value: {{ .Values.weblogicMonitoringExporterImage }} 145 securityContext: 146 privileged: false 147 allowPrivilegeEscalation: false 148 capabilities: 149 drop: 150 - ALL 151 volumes: 152 - name: webhook-certs 153 emptyDir: {} 154 serviceAccountName: {{ .Values.name }} 155 securityContext: 156 runAsUser: 1000 157 runAsGroup: 999 158 runAsNonRoot: true 159 seccompProfile: 160 type: RuntimeDefault 161