apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "webhook.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: app: {{ include "webhook.name" . }} app.kubernetes.io/name: {{ include "webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: "webhook" helm.sh/chart: {{ include "webhook.chart" . }} {{- if .Values.webhook.deploymentAnnotations }} annotations: {{ toYaml .Values.webhook.deploymentAnnotations | indent 4 }} {{- end }} spec: replicas: {{ .Values.webhook.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "webhook" {{- with .Values.webhook.strategy }} strategy: {{- . | toYaml | nindent 4 }} {{- end }} template: metadata: labels: app: {{ include "webhook.name" . }} app.kubernetes.io/name: {{ include "webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: "webhook" helm.sh/chart: {{ include "webhook.chart" . }} {{- if .Values.webhook.podLabels }} {{ toYaml .Values.webhook.podLabels | indent 8 }} {{- end }} {{- if .Values.webhook.podAnnotations }} annotations: {{ toYaml .Values.webhook.podAnnotations | indent 8 }} {{- end }} spec: serviceAccountName: {{ template "webhook.serviceAccountName" . }} {{- if .Values.global.priorityClassName }} priorityClassName: {{ .Values.global.priorityClassName | quote }} {{- end }} {{- if .Values.webhook.securityContext}} securityContext: {{ toYaml .Values.webhook.securityContext | indent 8 }} {{- end }} {{- if .Values.webhook.hostNetwork }} hostNetwork: true {{- end }} containers: - name: {{ .Chart.Name }} {{- with .Values.webhook.image }} image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{.digest}}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" {{- end }} imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} args: {{- if .Values.global.logLevel }} - --v={{ .Values.global.logLevel }} {{- end }} - --secure-port={{ .Values.webhook.securePort }} - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - --dynamic-serving-ca-secret-name={{ template "webhook.fullname" . }}-ca - --dynamic-serving-dns-names={{ template "webhook.fullname" . }},{{ template "webhook.fullname" . }}.{{ .Release.Namespace }},{{ template "webhook.fullname" . }}.{{ .Release.Namespace }}.svc {{- if .Values.webhook.extraArgs }} {{ toYaml .Values.webhook.extraArgs | indent 10 }} {{- end }} ports: - name: https containerPort: {{ .Values.webhook.securePort }} livenessProbe: httpGet: path: /livez port: 6080 scheme: HTTP initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }} failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }} readinessProbe: httpGet: path: /healthz port: 6080 scheme: HTTP initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }} failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }} {{- if .Values.webhook.containerSecurityContext }} securityContext: {{- toYaml .Values.webhook.containerSecurityContext | nindent 12 }} {{- end }} env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: {{ toYaml .Values.webhook.resources | indent 12 }} {{- with .Values.webhook.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.webhook.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.webhook.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }}