This repository has been archived by the owner on May 6, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 381
/
Copy pathwebhook-deployment.yaml
112 lines (112 loc) · 3.44 KB
/
webhook-deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "fullname" . }}-webhook
labels:
app: {{ template "fullname" . }}-webhook
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: 1
strategy: {{ toYaml .Values.webhook.strategy | nindent 4 }}
minReadySeconds: {{ .Values.webhook.minReadySeconds }}
selector:
matchLabels:
app: {{ template "fullname" . }}-webhook
template:
metadata:
labels:
{{- if .Values.podLabels }}
{{- tpl (toYaml .Values.podLabels) $ | nindent 8 }}
{{- end }}
app: {{ template "fullname" . }}-webhook
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
releaseRevision: "{{ .Release.Revision }}"
heritage: "{{ .Release.Service }}"
{{- if .Values.webhook.annotations }}
annotations:
{{ toYaml .Values.webhook.annotations | indent 8 }}
{{- end }}
spec:
{{- with .Values.securityContext }}
securityContext:
{{ toYaml . | indent 8 }}
{{- end }}
serviceAccountName: "{{ .Values.webhook.serviceAccount }}"
{{- if .Values.priorityClassName }}
priorityClassName: "{{ .Values.priorityClassName }}"
{{- end }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 8 }}
containers:
- name: svr
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
resources:
{{ toYaml .Values.webhook.resources | indent 10 }}
args:
- webhook
- --secure-port
- "8443"
- --healthz-server-bind-port
- "8081"
- -v
- "{{ .Values.webhook.verbosity }}"
- --feature-gates
- OriginatingIdentity={{.Values.originatingIdentityEnabled}}
- --feature-gates
- ServicePlanDefaults={{.Values.servicePlanDefaultsEnabled}}
{{- if .Values.namespacedServiceBrokerDisabled }}
- --feature-gates
- NamespacedServiceBroker=false
{{- end }}
ports:
- containerPort: 8443
volumeMounts:
- name: service-catalog-webhook-cert
mountPath: /var/run/service-catalog-webhook
readOnly: true
{{- if .Values.webhook.healthcheck.enabled }}
readinessProbe:
httpGet:
port: 8081
path: /healthz/ready
scheme: HTTP
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
livenessProbe:
httpGet:
port: 8081
path: /healthz
scheme: HTTP
failureThreshold: 3
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
{{- end }}
{{- with .Values.affinity }}
affinity: {{- tpl (toYaml .) $ | nindent 8 }}
{{- end }}
{{- if or .Values.webhook.nodeSelector .Values.nodeSelector }}
nodeSelector:
{{ toYaml (mustMerge .Values.webhook.nodeSelector .Values.nodeSelector) | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
volumes:
- name: service-catalog-webhook-cert
secret:
secretName: {{ template "fullname" . }}-webhook-cert
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key