rancher-partner-charts/charts/nutanix/nutanix-csi-snapshot/templates/validating-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: csi-snapshot-webhook
  namespace: {{ .Release.Namespace }}
  labels:
    app: csi-snapshot-webhook
spec:
  replicas: {{ .Values.validationWebHook.replicas }}
  selector:
    matchLabels:
      app: csi-snapshot-webhook
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: csi-snapshot-webhook
    spec:
      serviceAccountName: csi-snapshot-webhook
      containers:
      - name: snapshot-validation
        image: {{ .Values.validationWebHook.image }}:{{ include "nutanix-csi-snapshot.release" . }}
        imagePullPolicy: {{ .Values.imagePullPolicy }}
        args:
          - --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt
          - --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key
          - --v=2
          - --port=8443
        ports:
        - containerPort: 8443
        resources:
          requests:
            cpu: 10m
            memory: 20Mi
        securityContext:
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 1000
        volumeMounts:
          - name: snapshot-validation-webhook-certs
            mountPath: /etc/snapshot-validation-webhook/certs
            readOnly: true
      volumes:
        - name: snapshot-validation-webhook-certs
          secret:
            secretName: {{ .Values.tls.secretName }}
      priorityClassName: system-cluster-critical
      securityContext:
        runAsNonRoot: true
      nodeSelector:
    {{- with (.Values.validationWebHook.nodeSelector | default .Values.nodeSelector ) }}
        {{- toYaml . | nindent 8 }}
    {{- end }}
    {{- with (.Values.validationWebHook.tolerations | default .Values.tolerations)}}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: csi-snapshot-webhook
                topologyKey: kubernetes.io/hostname
---
apiVersion: v1
kind: Service
metadata:
  name: csi-snapshot-webhook
  namespace: {{ .Release.Namespace }}
spec:
  selector:
    app: csi-snapshot-webhook
  ports:
    - name: webhook
      protocol: TCP
      port: 443
      targetPort: 8443
make charts 2022-07-29 09:45:41 +00:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: csi-snapshot-webhook`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`app: csi-snapshot-webhook`
			`spec:`
			`replicas: {{ .Values.validationWebHook.replicas }}`
			`selector:`
			`matchLabels:`
			`app: csi-snapshot-webhook`
			`strategy:`
			`rollingUpdate:`
			`maxSurge: 0`
			`maxUnavailable: 1`
			`type: RollingUpdate`
			`template:`
			`metadata:`
			`labels:`
			`app: csi-snapshot-webhook`
			`spec:`
			`serviceAccountName: csi-snapshot-webhook`
			`containers:`
			`- name: snapshot-validation`
			`image: {{ .Values.validationWebHook.image }}:{{ include "nutanix-csi-snapshot.release" . }}`
			`imagePullPolicy: {{ .Values.imagePullPolicy }}`
			`args:`
			`- --tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt`
			`- --tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key`
			`- --v=2`
			`- --port=8443`
			`ports:`
			`- containerPort: 8443`
			`resources:`
			`requests:`
			`cpu: 10m`
			`memory: 20Mi`
			`securityContext:`
			`capabilities:`
			`drop:`
			`- ALL`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: true`
			`runAsUser: 1000`
			`volumeMounts:`
			`- name: snapshot-validation-webhook-certs`
			`mountPath: /etc/snapshot-validation-webhook/certs`
			`readOnly: true`
			`volumes:`
			`- name: snapshot-validation-webhook-certs`
			`secret:`
			`secretName: {{ .Values.tls.secretName }}`
			`priorityClassName: system-cluster-critical`
			`securityContext:`
			`runAsNonRoot: true`
			`nodeSelector:`
			`{{- with (.Values.validationWebHook.nodeSelector \| default .Values.nodeSelector ) }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- with (.Values.validationWebHook.tolerations \| default .Values.tolerations)}}`
			`tolerations:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`affinity:`
			`podAntiAffinity:`
			`preferredDuringSchedulingIgnoredDuringExecution:`
			`- weight: 100`
			`podAffinityTerm:`
			`labelSelector:`
			`matchLabels:`
			`app: csi-snapshot-webhook`
			`topologyKey: kubernetes.io/hostname`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: csi-snapshot-webhook`
			`namespace: {{ .Release.Namespace }}`
			`spec:`
			`selector:`
			`app: csi-snapshot-webhook`
			`ports:`
			`- name: webhook`
			`protocol: TCP`
			`port: 443`
			`targetPort: 8443`