# Source: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/webhook-deployment.yaml
#
# Helm template for the cert-manager webhook Deployment. Everything below is
# driven by chart values; the security-relevant settings (service account
# token mounting, pod and container securityContext, hostNetwork, image
# reference, extra arguments) are rendered only when the corresponding value
# is set, so the effective hardening depends on the values file in use.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "webhook.fullname" . }}
  namespace: {{ include "cert-manager.namespace" . }}
  labels:
    app: {{ include "webhook.name" . }}
    app.kubernetes.io/name: {{ include "webhook.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: "webhook"
    {{- include "labels" . | nindent 4 }}
  {{- with .Values.webhook.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.webhook.replicaCount }}
  # The selector uses the name/instance/component labels only; the pod
  # template below carries the same three labels.
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "webhook.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: "webhook"
  {{- with .Values.webhook.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        app: {{ include "webhook.name" . }}
        app.kubernetes.io/name: {{ include "webhook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/component: "webhook"
        {{- include "labels" . | nindent 8 }}
        {{- with .Values.webhook.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.webhook.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ template "webhook.serviceAccountName" . }}
      # hasKey (rather than a truthiness test) lets an explicit `false` in
      # values be rendered. When the key is absent the field is omitted and
      # the ServiceAccount / cluster default applies.
      {{- if hasKey .Values.webhook "automountServiceAccountToken" }}
      automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }}
      {{- end }}
      {{- with .Values.global.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      # Pod-level securityContext is emitted only when set in values; this
      # template supplies no fallback.
      # NOTE(review): confirm the values file in use sets runAsNonRoot and a
      # seccomp profile here.
      {{- with .Values.webhook.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Opt-in. With hostNetwork the pod shares the node's network namespace,
      # so the serving and health ports below are opened on the node itself;
      # review node firewalling and port conflicts before enabling.
      {{- if .Values.webhook.hostNetwork }}
      hostNetwork: true
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # Image reference is [registry/]repository followed by @digest when
          # a digest is set, otherwise :tag (tag defaults to the chart's
          # AppVersion). A digest pins the exact image content; a tag does not.
          {{- with .Values.webhook.image }}
          image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
          args:
          {{- if .Values.global.logLevel }}
          - --v={{ .Values.global.logLevel }}
          {{- end }}
          {{- if .Values.webhook.config }}
          - --config=/var/cert-manager/config/config.yaml
          {{- end }}
          # sprig `default` takes the fallback first, so with "" as the given
          # value this evaluates to webhook.config. --secure-port is passed on
          # the command line only when the config does not set securePort.
          # NOTE(review): the field lookups on $config below presumably rely
          # on values.yaml defining webhook.config; confirm.
          {{- $config := default .Values.webhook.config "" }}
          {{ if not $config.securePort -}}
          - --secure-port={{ .Values.webhook.securePort }}
          {{- end }}
          # Dynamic serving-certificate flags are emitted unless the config's
          # tlsConfig selects either `dynamic` or `filesystem`. The CA secret
          # is named <fullname>-ca in the pod's own namespace, and the DNS
          # names are the service names plus webhook.url.host when set.
          {{- $tlsConfig := default $config.tlsConfig "" }}
          {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}}
          - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
          - --dynamic-serving-ca-secret-name={{ template "webhook.fullname" . }}-ca
          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }},{{ template "webhook.fullname" . }}.{{ template "cert-manager.namespace" . }},{{ template "webhook.fullname" . }}.{{ template "cert-manager.namespace" . }}.svc{{ if .Values.webhook.url.host }},{{ .Values.webhook.url.host }}{{ end }}
          {{- end }}
          # extraArgs are appended as given in values, with no filtering in
          # this template; review overrides that add flags here.
          {{- with .Values.webhook.extraArgs }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          ports:
          # Serving port precedence: config securePort, then
          # webhook.securePort, then 6443.
          - name: https
            protocol: TCP
            {{- if $config.securePort }}
            containerPort: {{ $config.securePort }}
            {{- else if .Values.webhook.securePort }}
            containerPort: {{ .Values.webhook.securePort }}
            {{- else }}
            containerPort: 6443
            {{- end }}
          # Both probes use plain HTTP on the health port (config healthzPort,
          # else 6080), which is separate from the https serving port above.
          livenessProbe:
            httpGet:
              path: /livez
              {{- if $config.healthzPort }}
              port: {{ $config.healthzPort }}
              {{- else }}
              port: 6080
              {{- end }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /healthz
              {{- if $config.healthzPort }}
              port: {{ $config.healthzPort }}
              {{- else }}
              port: 6080
              {{- end }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
          # Container-level securityContext, again only when set in values.
          # NOTE(review): confirm the values file in use disables privilege
          # escalation and drops capabilities for this container.
          {{- with .Values.webhook.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
          # Downward API value consumed by $(POD_NAMESPACE) in args above.
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          {{- with .Values.webhook.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # The config mount exists only when webhook.config is set; it backs
          # the --config path passed in args.
          {{- if .Values.webhook.config }}
          volumeMounts:
            - name: config
              mountPath: /var/cert-manager/config
          {{- end }}
      {{- with .Values.webhook.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.webhook.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.webhook.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # Configuration is sourced from a ConfigMap named after the webhook
      # fullname, and only when webhook.config is set.
      {{- if .Values.webhook.config }}
      volumes:
        - name: config
          configMap:
            name: {{ include "webhook.fullname" . }}
      {{- end }}