arcbox/hello_arc/charts/nginx-ingress/templates/admission-webhooks/job-patch/job-patchWebhook.yaml (62 lines of code) (raw):
{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-patch
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ template "nginx-ingress.releaseLabel" . }}
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished: 0
{{- end }}
template:
metadata:
name: {{ template "nginx-ingress.fullname" . }}-admission-patch
{{- with .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations:
{{ toYaml . | indent 8 }}
{{- end }}
labels:
app: {{ template "nginx-ingress.name" . }}
chart: {{ template "nginx-ingress.chart" . }}
component: "{{ .Values.controller.name }}"
heritage: {{ .Release.Service }}
release: {{ template "nginx-ingress.releaseLabel" . }}
spec:
{{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
{{- end }}
containers:
- name: patch
{{- with .Values.controller.admissionWebhooks.patch.image }}
image: "{{.repository}}{{- if (.digest) -}} @{{.digest}} {{- else -}} :{{ .tag }} {{- end -}}"
{{- end }}
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.pullPolicy }}
args:
- patch
- --webhook-name={{ template "nginx-ingress.fullname" . }}-admission
- --namespace={{ .Release.Namespace }}
- --patch-mutating=false
- --secret-name={{ template "nginx-ingress.fullname". }}-admission
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
{{- with .Values.controller.admissionWebhooks.patch.resources }}
resources:
{{ toYaml . | indent 12 }}
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ template "nginx-ingress.fullname" . }}-admission
{{- with .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
securityContext:
runAsNonRoot: true
runAsUser: 2000
{{- end }}