github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager-webhook-oci/templates/deployment.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager-webhook-oci/templates/deployment.yaml (about)

     1  # Portions of the code in this file are derived from https://github.com/cert-manager/webhook-example/blob/master/deploy/example-webhook/templates/deployment.yaml
     2  # Portions of the code in this file are derived from https://gitlab.com/dn13/cert-manager-webhook-oci/-/blob/1.1.0/deploy/cert-manager-webhook-oci/templates/deployment.yaml
     3  
     4  apiVersion: apps/v1
     5  kind: Deployment
     6  metadata:
     7    name: {{ include "cert-manager-webhook-oci.fullname" . }}
     8    labels:
     9      app: {{ include "cert-manager-webhook-oci.name" . }}
    10      chart: {{ include "cert-manager-webhook-oci.chart" . }}
    11      release: {{ .Release.Name }}
    12      heritage: {{ .Release.Service }}
    13  spec:
    14    strategy:
    15      type: RollingUpdate
    16      rollingUpdate:
    17        maxUnavailable: 0
    18        maxSurge: 1
    19    replicas: {{ .Values.replicaCount }}
    20    selector:
    21      matchLabels:
    22        app: {{ include "cert-manager-webhook-oci.name" . }}
    23        release: {{ .Release.Name }}
    24    template:
    25      metadata:
    26        labels:
    27          app: {{ include "cert-manager-webhook-oci.name" . }}
    28          release: {{ .Release.Name }}
    29          sidecar.istio.io/inject: "false"
    30      spec:
    31        securityContext:
    32          {{- toYaml .Values.podSecurityContext | nindent 8 }}
    33        serviceAccountName: {{ include "cert-manager-webhook-oci.fullname" . }}
    34        containers:
    35          - name: {{ .Chart.Name }}
    36            securityContext:
    37              {{- toYaml .Values.securityContext | nindent 12 }}
    38            image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
    39            imagePullPolicy: {{ .Values.image.pullPolicy }}
    40            args:
    41              - --tls-cert-file=/tls/tls.crt
    42              - --tls-private-key-file=/tls/tls.key
    43              - --secure-port={{ .Values.securePort }}
    44            env:
    45              - name: GROUP_NAME
    46                value: {{ .Values.groupName | quote }}
    47            ports:
    48              - name: https
    49                containerPort: {{ .Values.securePort }}
    50                protocol: TCP
    51            livenessProbe:
    52              httpGet:
    53                scheme: HTTPS
    54                path: /healthz
    55                port: https
    56            readinessProbe:
    57              httpGet:
    58                scheme: HTTPS
    59                path: /healthz
    60                port: https
    61            volumeMounts:
    62              - name: certs
    63                mountPath: /tls
    64                readOnly: true
    65            resources:
    66  {{ toYaml .Values.resources | indent 12 }}
    67        volumes:
    68          - name: certs
    69            secret:
    70              secretName: {{ include "cert-manager-webhook-oci.servingCertificate" . }}
    71      {{- with .Values.nodeSelector }}
    72        nodeSelector:
    73  {{ toYaml . | indent 8 }}
    74      {{- end }}
    75      {{- with .Values.affinity }}
    76        affinity:
    77  {{ toYaml . | indent 8 }}
    78      {{- end }}
    79      {{- with .Values.tolerations }}
    80        tolerations:
    81  {{ toYaml . | indent 8 }}
    82      {{- end }}
    83      {{- with .Values.imagePullSecrets }}
    84        imagePullSecrets:
    85  {{ toYaml . | indent 8 }}
    86      {{- end }}