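{{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled -}}
# Helm hook Job that runs the admission-webhook patch image with the `create`
# argument, passing the admission service host names, the pod namespace and a
# Secret name. Rendered only when both admissionWebhooks.enabled and
# admissionWebhooks.patch.enabled are set.
# NOTE(review): presumably `create` generates the webhook TLS material and
# stores it in the named Secret; confirm against the patch image's docs.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ include "ingress-nginx.fullname" . }}-admission-create
  namespace: {{ .Release.Namespace }}
  annotations:
    # Runs before the release's regular resources are installed or upgraded.
    "helm.sh/hook": pre-install,pre-upgrade
    # A previous hook Job is deleted before a new one is created, and the Job
    # is deleted after it succeeds; a failed Job is kept for inspection.
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    {{- include "ingress-nginx.labels" . | nindent 4 }}
    app.kubernetes.io/component: admission-webhook
spec:
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
  # Alpha feature since k8s 1.12
  # 0 makes the finished Job eligible for cleanup immediately.
  ttlSecondsAfterFinished: 0
{{- end }}
  template:
    metadata:
      name: {{ include "ingress-nginx.fullname" . }}-admission-create
    {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
      annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
    {{- end }}
      labels:
        {{- include "ingress-nginx.labels" . | nindent 8 }}
        app.kubernetes.io/component: admission-webhook
    spec:
    {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }}
      priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }}
    {{- end }}
    {{- if .Values.imagePullSecrets }}
      imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
    {{- end }}
      containers:
        - name: create
          # Image reference is either .repository or .registry/.image, then
          # :tag. When .digest is set it is appended as @digest, which pins
          # the image by content instead of relying on a mutable tag alone.
          {{- with .Values.controller.admissionWebhooks.patch.image }}
          image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
          args:
            - create
            # $(POD_NAMESPACE) is expanded by Kubernetes from the env entry
            # below, so the host names follow the namespace the pod runs in.
            - --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
            - --namespace=$(POD_NAMESPACE)
            - --secret-name={{ include "ingress-nginx.fullname" . }}-admission
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          {{- if .Values.controller.admissionWebhooks.createSecretJob.resources }}
          resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
          {{- end }}
          # Hardening: the container only needs to run its own binary as the
          # non-root user set below, so forbid gaining extra privileges
          # (setuid binaries, file capabilities) at exec time.
          securityContext:
            allowPrivilegeEscalation: false
      restartPolicy: OnFailure
      # Dedicated ServiceAccount; its Role/RoleBinding are defined outside
      # this template.
      # NOTE(review): confirm that RBAC is limited to the Secret operations
      # this Job needs in the release namespace.
      serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
    {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
      nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
    {{- end }}
    {{- if .Values.controller.admissionWebhooks.patch.tolerations }}
      tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }}
    {{- end }}
      securityContext:
        # The kubelet refuses to start the container if it would run as UID 0.
        runAsNonRoot: true
        # NOTE(review): if patch.runAsUser is unset this renders an empty
        # value; the image must then declare a numeric non-root user itself,
        # otherwise the runAsNonRoot check cannot pass.
        runAsUser: {{ .Values.controller.admissionWebhooks.patch.runAsUser }}
{{- end }}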