apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher-webhook
spec:
  selector:
    matchLabels:
      app: rancher-webhook
  template:
    metadata:
      labels:
        app: rancher-webhook
    spec:
      volumes:
      - name: tls
        secret:
          secretName: rancher-webhook-tls
      {{- if .Values.global.hostNetwork }}
      hostNetwork: true
      {{- end }}
      containers:
      - env:
        - name: STAMP
          value: "{{.Values.stamp}}"
        - name: ENABLE_CAPI
          value: "{{.Values.capi.enabled}}"
        - name: ENABLE_MCM
          value: "{{.Values.mcm.enabled}}"
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        name: rancher-webhook
        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
        ports:
        - name: https
          containerPort: 9443
        - name: capi-https
          containerPort: 8777
        volumeMounts:
        - name: tls
          mountPath: /tmp/k8s-webhook-server/serving-certs
      serviceAccountName: rancher-webhook