# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. {{ if .Values.embedAdmissionController }} apiVersion: apps/v1 kind: Deployment metadata: name: yunikorn-admission-controller labels: app: yunikorn chart: {{ include "yunikorn.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: {{- if .Values.admissionController.hostNetwork }} strategy: type: Recreate {{- end }} replicas: {{ .Values.admissionController.replicaCount }} selector: matchLabels: app: yunikorn component: yunikorn-admission-controller release: {{ .Release.Name }} template: metadata: name: yunikorn-admission-controller labels: app: yunikorn component: yunikorn-admission-controller release: {{ .Release.Name }} {{- with .Values.admissionController.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: {{- with .Values.admissionController.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.admissionPodSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.admissionController.hostNetwork }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} - name: {{ . }} {{- end }} {{- end }} serviceAccountName: {{ .Values.admissionController.serviceAccount }} {{- with .Values.admissionController.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.admissionController.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.admissionController.priorityClassName }} priorityClassName: {{ . }} {{- end }} {{- with .Values.admissionController.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: yunikorn-admission-controller image: "{{ .Values.admissionController.image.repository }}:{{ .Values.admissionController.image.tag }}" imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }} resources: requests: cpu: {{ .Values.admissionController.resources.requests.cpu }} memory: {{ .Values.admissionController.resources.requests.memory }} limits: cpu: {{ .Values.admissionController.resources.limits.cpu }} memory: {{ .Values.admissionController.resources.limits.memory }} {{- with .Values.admissionContainerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: admission-controller-secrets mountPath: /run/secrets/webhook readOnly: true env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: GOMEMLIMIT value: "{{ .Values.admissionController.goMemoryLimit }}" - name: GOGC value: "{{ .Values.admissionController.goGC }}" ports: - containerPort: 9089 name: webhook-api startupProbe: httpGet: scheme: HTTPS path: /health port: webhook-api failureThreshold: 30 periodSeconds: 10 readinessProbe: httpGet: scheme: HTTPS path: /health port: webhook-api periodSeconds: 5 failureThreshold: 3 volumes: - name: admission-controller-secrets secret: secretName: admission-controller-secrets {{ end }}