mirror of https://git.rancher.io/charts
69 lines
2.2 KiB
YAML
69 lines
2.2 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
annotations:
|
|
seccomp.security.alpha.kubernetes.io/pod: runtime/default
|
|
name: {{ .Release.Name }}
|
|
namespace: {{ .Release.Namespace }}
|
|
labels: {{ include "gmsa.chartref" . | nindent 4 }}
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: {{ .Release.Name }}
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: {{ .Release.Name }}
|
|
spec:
|
|
{{- if .Values.podSecurityContext }}
|
|
securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
|
|
{{- end }}
|
|
serviceAccountName: {{ .Release.Name }}
|
|
affinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: kubernetes.io/os
|
|
operator: In
|
|
values:
|
|
- linux
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Release.Name }}
|
|
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
|
|
imagePullPolicy: {{ .Values.image.imagePullPolicy }}
|
|
readinessProbe:
|
|
httpGet:
|
|
scheme: HTTPS
|
|
path: /health
|
|
port: 443
|
|
ports:
|
|
- containerPort: 443
|
|
{{- if .Values.securityContext }}
|
|
securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
|
|
{{- end }}
|
|
volumeMounts:
|
|
- name: tls
|
|
mountPath: "/etc/ssl/rancher-windows-gmsa-webhook"
|
|
readOnly: true
|
|
env:
|
|
- name: TLS_KEY
|
|
value: /etc/ssl/rancher-windows-gmsa-webhook/tls.key
|
|
- name: TLS_CRT
|
|
value: /etc/ssl/rancher-windows-gmsa-webhook/tls.crt
|
|
volumes:
|
|
- name: tls
|
|
secret:
|
|
secretName: {{ .Values.certificates.secretName }}
|
|
items:
|
|
- key: tls.key
|
|
path: tls.key
|
|
- key: tls.crt
|
|
path: tls.crt
|
|
|