apiVersion: apps/v1
kind: Deployment
metadata:
  name: rancher-webhook
spec:
  selector:
    matchLabels:
      app: rancher-webhook
  template:
    metadata:
      labels:
        app: rancher-webhook
    spec:
      {{- if .Values.capi.enabled }}
      volumes:
      - name: tls
        secret:
          secretName: rancher-webhook-tls
      {{- end }}
      {{- if .Values.global.hostNetwork }}
      hostNetwork: true
      {{- end }}
      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
      {{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
      {{- end }}
      tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
      {{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
      {{- end }}
      containers:
      - env:
        - name: STAMP
          value: "{{.Values.stamp}}"
        - name: ENABLE_CAPI
          value: "{{.Values.capi.enabled}}"
        - name: ENABLE_MCM
          value: "{{.Values.mcm.enabled}}"
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
        name: rancher-webhook
        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
        ports:
        - name: https
          containerPort: 9443
        - name: capi-https
          containerPort: 8777
        {{- if .Values.capi.enabled }}
        volumeMounts:
        - name: tls
          mountPath: /tmp/k8s-webhook-server/serving-certs
        {{- end }}
      serviceAccountName: rancher-webhook
      {{- if .Values.priorityClassName }}
      priorityClassName: "{{.Values.priorityClassName}}"
      {{- end }}