-
Notifications
You must be signed in to change notification settings - Fork 1
/
deployment.yaml
62 lines (61 loc) · 2.09 KB
/
deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#@ load("@ytt:data", "data")
#@ load("config.lib.yaml", "deploymentName", "fullName", "selectorLabels", "labels", "serviceAccountName", "managerFullyQualifiedDockerImage")
apiVersion: apps/v1
kind: Deployment
metadata:
name: #@ deploymentName()
labels: #@ labels()
spec:
replicas: #@ data.values.replicaCount
selector:
matchLabels: #@ selectorLabels()
template:
metadata:
annotations: #@ data.values.podAnnotations
labels: #@ selectorLabels()
spec:
imagePullSecrets: #@ data.values.imagePullSecrets
serviceAccountName: #@ serviceAccountName()
#@ if data.values.manager.hostNetwork:
hostNetwork: true
#@ end
priorityClassName: #@ data.values.priorityClassName
nodeSelector: #@ data.values.nodeSelector
tolerations: #@ data.values.tolerations
affinity: #@ data.values.affinity
volumes:
- name: cert
secret:
defaultMode: 420
secretName: #@ fullName()+"-tls"
containers:
- name: manager
command:
- /manager
args:
- --enable-leader-election
- #@ "--zap-log-level=" + data.values.manager.options.logLevel if data.values.manager.options.logLevel else 4
- --configuration-name=default
image: #@ managerFullyQualifiedDockerImage()
imagePullPolicy: #@ data.values.manager.image.pullPolicy
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: webhook-server
containerPort: 9443
protocol: TCP
- name: metrics
containerPort: 8080
protocol: TCP
livenessProbe: #@ data.values.manager.livenessProbe
readinessProbe: #@ data.values.manager.readinessProbe
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
resources: #@ data.values.manager.resources
securityContext:
allowPrivilegeEscalation: false