apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-deployment namespace: {{ .Release.Namespace }} labels: app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }} {{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }} template: metadata: labels: app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }} spec: serviceAccountName: {{ template "aws-sigv4-proxy-admission-controller.serviceAccountName" . }} containers: - name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - -tlsCertFile=/etc/webhook/certs/cert.pem - -tlsKeyFile=/etc/webhook/certs/key.pem ports: - containerPort: {{ .Values.webhookService.targetPort }} volumeMounts: - name: webhook-certs mountPath: /etc/webhook/certs readOnly: true env: - name: AWS-SIGV4-PROXY-IMAGE value: {{ .Values.env.awsSigV4ProxyImage }} volumes: - name: webhook-certs secret: secretName: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-certs