charts/vault-secrets-webhook/templates/webhook-deployment.yaml


# Deployment for the vault-secrets-webhook mutating admission webhook.
# Most pod-level settings (labels, volumes, init containers, security
# contexts, scheduling) are passed through from chart values, so whoever
# controls the values file controls the resulting pod spec.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "vault-secrets-webhook.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    helm.sh/chart: {{ template "vault-secrets-webhook.chart" . }}
    app.kubernetes.io/name: {{ template "vault-secrets-webhook.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/component: mutating-webhook
    # Optional extra labels from values, appended to the standard set.
    {{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }}
    {{- end }}
spec:
  replicas: {{ .Values.replicaCount }}
  # The selector uses only name + instance; both are repeated on the pod
  # template below so the Deployment matches its own pods.
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "vault-secrets-webhook.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
  # Rollout strategy is emitted only when values define it.
  {{- if .Values.deployment }}
  {{- if .Values.deployment.strategy }}
  strategy:
{{ toYaml .Values.deployment.strategy | indent 4 }}
  {{- end }}
  {{- end }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "vault-secrets-webhook.name" . }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        # NOTE(review): presumably keeps the webhook from mutating its own
        # pods; confirm that the webhook configuration's selector honours
        # this label.
        security.banzaicloud.io/mutate: skip
        {{- if .Values.labels }}
{{ toYaml .Values.labels | indent 8 }}
        {{- end }}
      annotations:
        # SHA-256 of the rendered apiservice-webhook.yaml template; a change
        # there alters the pod template and so rolls the Deployment.
        checksum/config: {{ include (print $.Template.BasePath "/apiservice-webhook.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
    spec:
      # Only rendered when set. With hostNetwork the pod shares the node's
      # network namespace, so the webhook port is bound on the node itself;
      # leave unset unless the cluster requires it.
      {{- if .Values.hostNetwork}}
      hostNetwork: {{ .Values.hostNetwork}}
      {{- end }}
      {{- with .Values.dnsPolicy }}
      dnsPolicy: {{ . }}
      {{- end }}
      serviceAccountName: {{ template "vault-secrets-webhook.serviceAccountName" . }}
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName }}
      {{- end }}
      volumes:
        # TLS serving certificate and private key for the webhook endpoint.
        # defaultMode 420 is decimal for octal 0644, i.e. the mounted files
        # (including tls.key) are readable by every user in the container.
        # NOTE(review): a tighter mode may be possible depending on the
        # container's UID/fsGroup; confirm before changing.
        - name: serving-cert
          secret:
            defaultMode: 420
            secretName: {{ include "vault-secrets-webhook.servingCertificate" . }}
      # Extra volumes from values are appended to the list above.
      {{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}
      {{- end }}
      {{- if .Values.image.imagePullSecrets }}
      imagePullSecrets:
{{ toYaml .Values.image.imagePullSecrets | indent 8 }}
      {{- end }}
      # Init containers are taken verbatim from values; the container
      # securityContext further down does not apply to them.
      {{- if .Values.initContainers }}
      initContainers:
{{ toYaml .Values.initContainers | indent 8}}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          # Image is referenced as repository:tag, with the tag produced by a
          # chart helper rather than pinned by digest.
          image: "{{ .Values.image.repository }}:{{ include "vault-secrets-webhook.bank-vaults.version" . }}"
          env:
            # Certificate and key paths inside the serving-cert mount below.
            - name: TLS_CERT_FILE
              value: /var/serving-cert/tls.crt
            - name: TLS_PRIVATE_KEY_FILE
              value: /var/serving-cert/tls.key
            # Port only, no host part.
            - name: LISTEN_ADDRESS
              value: ":{{ .Values.service.internalPort }}"
            # Debug logging is enabled only when the debug value is set.
            # NOTE(review): check what a secrets-handling component logs at
            # this level before enabling it in production.
            {{- if .Values.debug }}
            - name: LOG_LEVEL
              value: "debug"
            {{- end }}
            # NOTE(review): presumably the vault-env image the webhook
            # injects into mutated workloads; treat its repository and tag as
            # part of the trusted supply chain. Confirm against the webhook.
            - name: VAULT_ENV_IMAGE
              value: "{{ .Values.vaultEnv.repository }}:{{ include "vault-secrets-webhook.vault-env.version" . }}"
            # Free-form env from values; each value is quoted so it always
            # renders as a string. These are stored in plain text in the
            # Deployment object, so do not pass credentials this way.
            {{- range $key, $value := .Values.env }}
            - name: {{ $key }}
              value: {{ $value | quote }}
            {{- end }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - containerPort: {{ .Values.service.internalPort }}
          # Readiness is probed over HTTPS on the serving port; no liveness
          # probe is defined in this template.
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /healthz
              port: {{ .Values.service.internalPort }}
          volumeMounts:
            - mountPath: /var/serving-cert
              name: serving-cert
          {{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 12 }}
          {{- end }}
          # Container-level securityContext, rendered unconditionally from
          # values. NOTE(review): hardening such as runAsNonRoot,
          # readOnlyRootFilesystem and allowPrivilegeEscalation depends
          # entirely on the values supplied; verify the chart defaults.
          securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
          resources:
{{ toYaml .Values.resources | indent 12 }}
      # Scheduling constraints below are each emitted only when set.
      {{- if .Values.nodeSelector }}
      nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      {{- if .Values.tolerations }}
      tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
      {{- end }}
      {{- if .Values.affinity }}
      affinity:
{{ toYaml .Values.affinity | indent 8 }}
      {{- end }}
      # Pod-level securityContext; omitted entirely when not set in values.
      {{- if .Values.podSecurityContext }}
      securityContext:
{{ toYaml .Values.podSecurityContext | indent 8 }}
      {{- end }}
      {{- if .Values.topologySpreadConstraints }}
      topologySpreadConstraints:
{{ toYaml .Values.topologySpreadConstraints | indent 8 }}
      {{- end }}