-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathwebhook.yaml
62 lines (62 loc) · 1.56 KB
/
webhook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
---
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: webhook
name: system
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: webhook
namespace: system
labels:
control-plane: webhook
annotations:
seccomp.security.alpha.kubernetes.io/pod: runtime/default
spec:
selector:
matchLabels:
control-plane: webhook
replicas: 1
template:
metadata:
labels:
control-plane: webhook
spec:
containers:
- command:
- /webhook
# uncomment the following section to update the respective parameters.
#args:
#- --allowed-external-ip-cidrs=10.0.0.0/8,11.0.0.0/8
#- --allowed-usernames=system:admin,system:serviceaccount:kube-system:default
#- --allowed-groups=system:masters,system:authenticated
#- --webhook-port=9443
#- --metrics-addr=0.0.0.0:8443
image: webhook:latest
name: webhook
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
#- containerPort: 8443
# name: webhook-metrics
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
terminationGracePeriodSeconds: 10