apiVersion: apps/v1beta1 kind: Deployment metadata: name: {{ include "webhook.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: app: {{ include "webhook.name" . }} chart: {{ include "webhook.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ include "webhook.name" . }} release: {{ .Release.Name }} {{- with .Values.strategy }} strategy: {{- . | toYaml | nindent 4 }} {{- end }} template: metadata: labels: app: {{ include "webhook.name" . }} release: {{ .Release.Name }} annotations: {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: serviceAccountName: {{ include "webhook.fullname" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - --v=12 - --secure-port=6443 - --tls-cert-file=/certs/tls.crt - --tls-private-key-file=/certs/tls.key - --disable-admission-plugins=NamespaceLifecycle,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,Initializers {{- if .Values.extraArgs }} {{ toYaml .Values.extraArgs | indent 10 }} {{- end }} env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: {{ toYaml .Values.resources | indent 12 }} volumeMounts: - name: certs mountPath: /certs volumes: - name: certs secret: secretName: {{ include "webhook.servingCertificate" . }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }}