# Helm template for the cert-manager webhook Deployment.
# Name, namespace, labels and most of the pod spec are filled in from chart
# values and named helper templates; optional sections are rendered only when
# the corresponding value is set.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "webhook.fullname" . }}
  namespace: {{ include "cert-manager.namespace" . }}
  labels:
    app: {{ include "webhook.name" . }}
    app.kubernetes.io/name: {{ include "webhook.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: "webhook"
    {{- include "labels" . | nindent 4 }}
  {{- with .Values.webhook.deploymentAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  replicas: {{ .Values.webhook.replicaCount }}
  # The three selector labels below are repeated in the pod template labels,
  # which is what ties the pods to this Deployment.
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "webhook.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: "webhook"
  {{- with .Values.webhook.strategy }}
  strategy:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  template:
    metadata:
      labels:
        app: {{ include "webhook.name" . }}
        app.kubernetes.io/name: {{ include "webhook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/component: "webhook"
        {{- include "labels" . | nindent 8 }}
        {{- with .Values.webhook.podLabels }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- with .Values.webhook.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      serviceAccountName: {{ template "webhook.serviceAccountName" . }}
      # hasKey (rather than a plain truthiness test) lets an explicit false be
      # rendered. When the key is absent the field is omitted entirely and the
      # cluster / ServiceAccount default for token mounting applies.
      {{- if hasKey .Values.webhook "automountServiceAccountToken" }}
      automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }}
      {{- end }}
      {{- with .Values.global.priorityClassName }}
      priorityClassName: {{ . | quote }}
      {{- end }}
      # Pod-level securityContext is copied verbatim from values; this template
      # supplies no fallback, so pod hardening depends on what the values set.
      {{- with .Values.webhook.securityContext }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # With hostNetwork the pod shares the node's network namespace, so the
      # https and healthcheck ports declared below are bound on the node itself.
      {{- if .Values.webhook.hostNetwork }}
      hostNetwork: true
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}-webhook
          # Image reference is [registry/]repository followed by either
          # @digest or :tag. A digest, when set, takes precedence and pins the
          # image by content; otherwise the tag falls back to the chart's
          # AppVersion.
          {{- with .Values.webhook.image }}
          image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}"
          {{- end }}
          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
          args:
          {{- if .Values.global.logLevel }}
          - --v={{ .Values.global.logLevel }}
          {{- end }}
          # The config file path matches the mountPath of the "config" volume
          # mounted further down; both are rendered only when webhook.config
          # is set.
          {{- if .Values.webhook.config }}
          - --config=/var/cert-manager/config/config.yaml
          {{- end }}
          # NOTE(review): sprig's default takes the fallback as its first
          # argument, so this expression yields webhook.config unchanged. The
          # field lookups below assume that value is a map (possibly empty) -
          # confirm against values.yaml.
          {{- $config := default .Values.webhook.config "" }}
          # The secure port is passed as a flag only when the config file does
          # not already set securePort.
          {{ if not $config.securePort -}}
          - --secure-port={{ .Values.webhook.securePort }}
          {{- end }}
          {{- if .Values.featureGates }}
          - --feature-gates={{ .Values.featureGates }}
          {{- end }}
          # Dynamic serving flags are emitted unless the config file carries a
          # tlsConfig with a dynamic or filesystem section. They name the CA
          # secret (fullname plus "-ca" in the pod's namespace) and the DNS
          # names for the serving certificate; webhook.url.host, when set, is
          # added as one more DNS name.
          {{- $tlsConfig := default $config.tlsConfig "" }}
          {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}}
          - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
          - --dynamic-serving-ca-secret-name={{ template "webhook.fullname" . }}-ca
          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}
          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}.$(POD_NAMESPACE)
          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}.$(POD_NAMESPACE).svc
          {{ if .Values.webhook.url.host }}
          - --dynamic-serving-dns-names={{ .Values.webhook.url.host }}
          {{- end }}
          {{- end }}
          # extraArgs are appended verbatim after the generated flags, so the
          # values file can add to or change the webhook's command line; treat
          # it as trusted configuration.
          {{- with .Values.webhook.extraArgs }}
          {{- toYaml . | nindent 10 }}
          {{- end }}
          ports:
          # https port precedence: config file securePort, then
          # webhook.securePort from values, then 6443.
          - name: https
            protocol: TCP
            {{- if $config.securePort }}
            containerPort: {{ $config.securePort }}
            {{- else if .Values.webhook.securePort }}
            containerPort: {{ .Values.webhook.securePort }}
            {{- else }}
            containerPort: 6443
            {{- end }}
          # Health port: config file healthzPort, else 6080. Both probes below
          # use the same port over plain HTTP.
          - name: healthcheck
            protocol: TCP
            {{- if $config.healthzPort }}
            containerPort: {{ $config.healthzPort }}
            {{- else }}
            containerPort: 6080
            {{- end }}
          livenessProbe:
            httpGet:
              path: /livez
              {{- if $config.healthzPort }}
              port: {{ $config.healthzPort }}
              {{- else }}
              port: 6080
              {{- end }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /healthz
              {{- if $config.healthzPort }}
              port: {{ $config.healthzPort }}
              {{- else }}
              port: 6080
              {{- end }}
              scheme: HTTP
            initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
          # Container securityContext is rendered only when values provide one;
          # nothing is enforced here, so check that the chart values set the
          # restrictions you expect for this container.
          {{- with .Values.webhook.containerSecurityContext }}
          securityContext:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          env:
          # Downward API: exposes the pod's namespace for the $(POD_NAMESPACE)
          # references in args above.
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          # No requests or limits are rendered when webhook.resources is unset.
          {{- with .Values.webhook.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          # volumeMounts: the "config" mount is rendered when webhook.config is
          # set, followed by any extra mounts copied verbatim from values. The
          # name "config" must match the volume defined under volumes below.
          {{- if or .Values.webhook.config .Values.webhook.volumeMounts }}
          volumeMounts:
            {{- if .Values.webhook.config }}
            - name: config
              mountPath: /var/cert-manager/config
            {{- end }}
            {{- if .Values.webhook.volumeMounts }}
            {{- toYaml .Values.webhook.volumeMounts | nindent 12 }}
            {{- end }}
          {{- end }}
      {{- with .Values.webhook.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.webhook.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.webhook.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.webhook.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      # volumes: the "config" volume is backed by a ConfigMap named after the
      # webhook fullname. Extra volumes from values are copied verbatim, so
      # any volume type the values file specifies is passed through unchanged.
      {{- if or .Values.webhook.config .Values.webhook.volumes }}
      volumes:
        {{- if .Values.webhook.config }}
        - name: config
          configMap:
            name: {{ include "webhook.fullname" . }}
        {{- end }}
        {{- if .Values.webhook.volumes }}
        {{- toYaml .Values.webhook.volumes | nindent 8 }}
        {{- end }}
      {{- end }}