
Text file src/edge-infra.dev/config/pallets/sds/securedelivery/k8sadmissioncontroller/base/pod.yaml

Documentation: edge-infra.dev/config/pallets/sds/securedelivery/k8sadmissioncontroller/base

# Pod manifest for the k8s-admission controller, deployed as a bare Pod in
# kube-system. An init container runs /root/generate-tls.sh with the CA
# certificate and key mounted from the node, and shares the tls-certs emptyDir
# with the main container.
# NOTE(review): no securityContext is set at pod or container level in this
# file, and no volumeMount sets readOnly, so every mount below is read-write
# (the Kubernetes default). This is a base manifest; confirm whether an
# overlay tightens either.
apiVersion: v1
kind: Pod
metadata:
  name: k8s-admission
  namespace: kube-system
  labels:
    run: k8s-admission
  annotations:
    prometheus.io/path: /metrics
    # NOTE(review): refers to a port named http-metrics, but the only
    # containerPort declared below (8543) has no name; confirm the scraper
    # can resolve it.
    prometheus.io/port: http-metrics
    # Quoted so the annotation value stays a string rather than a boolean.
    prometheus.io/scrape: "true"
spec:
  terminationGracePeriodSeconds: 30
  dnsPolicy: ClusterFirstWithHostNet
  # The pod shares the node's network namespace, so port 8543 is opened on
  # the node itself and NetworkPolicy isolation of this pod should not be
  # assumed.
  hostNetwork: true
  hostname: k8s-admissions-controller
  initContainers:
  # Runs before the main container. It is the only container that mounts
  # ca-key.
  # presumably writes the webhook serving certificate into /var/certs;
  # confirm against generate-tls.sh
  - name: init-admission-controller-tls-generate
    # NOTE(review): bzl:// is not a registry reference; presumably rewritten
    # by the build tooling before deployment. Confirm it resolves to a
    # pinned digest.
    image: bzl://cmd/sds/admission/init:container_push
    command: ["/bin/sh", "/root/generate-tls.sh"]
    volumeMounts:
    - name: ca-cert
      mountPath: /etc/ca/ca.crt
    # Private key from the node's /etc/kubernetes/pki, mounted read-write.
    # NOTE(review): on kubeadm-style nodes this is the cluster CA key; a
    # readOnly mount looks sufficient for signing. Confirm the script never
    # writes to it.
    - name: ca-key
      mountPath: /etc/ca/ca.key
    # emptyDir shared with the main container, which mounts it at the same
    # path.
    - name: tls-certs
      mountPath: /var/certs
  containers:
  - name: k8s-admission
    image: bzl://cmd/sds/admission/controller:container_push
    args:
    - run
    ports:
    - protocol: TCP
      containerPort: 8543
    env:
    # Points at the kubeconfig volumeMount below.
    - name: KUBECONFIG
      value: /root/.kube/config
    - name: PULLSECRET_NAMESPACE
      value: external-secrets
    - name: PULLSECRET_NAME
      value: edge-docker-pull-secret
    - name: WEBHOOK_NAME
      value: admission
    - name: WEBHOOK_DOMAIN
      value: edge.ncr.com
    - name: OLD_WEBHOOK_NAME
      value: admission-old
    # Path lies inside the cosign hostPath mount
    # (/data/admission/public-keys), so the key comes from the node's
    # filesystem.
    # presumably the public key used to verify image signatures; confirm in
    # the controller
    - name: COSIGN_PUB_KEY
      value: /data/admission/public-keys/us-east1-docker.pkg.dev/edge-production.crt
    resources:
      limits:
        cpu: "100m"
        memory: 150Mi
      requests:
        cpu: 10m
        memory: 15Mi
    # The main container does not mount ca-key; only the CA certificate is
    # exposed here, at a different path (/ca/ca.crt) than in the init
    # container.
    volumeMounts:
    - name: ca-cert
      mountPath: /ca/ca.crt
    - name: tls-certs
      mountPath: /var/certs
    - name: cosign
      mountPath: /data/admission/public-keys
    - name: kubeconfig
      mountPath: /root/.kube/config
    # NOTE(review): the whole node directory is mounted read-write; on
    # kubeadm-style nodes it holds etcd key material. Confirm which files
    # the controller reads and whether readOnly is acceptable.
    - name: etcd-certs
      mountPath: /etc/kubernetes/pki/etcd/
    imagePullPolicy: IfNotPresent
  # All volumes except tls-certs are hostPath mounts from the node's
  # filesystem.
  volumes:
  # type: File makes the mount fail if the path is missing on the node.
  - name: ca-cert
    hostPath:
      type: File
      path: /etc/kubernetes/pki/ca.crt
  - name: ca-key
    hostPath:
      type: File
      path: /etc/kubernetes/pki/ca.key
  # DirectoryOrCreate creates an empty directory when the path is missing,
  # in which case the COSIGN_PUB_KEY file would not exist.
  # NOTE(review): confirm the controller fails closed when the key file is
  # absent.
  - name: cosign
    hostPath:
      type: DirectoryOrCreate
      path: /data/admission/public-keys
  - name: etcd-certs
    hostPath:
      type: Directory
      path: /etc/kubernetes/pki/etcd/
  # NOTE(review): the privileges of this node kubeconfig are not visible
  # here; confirm they are scoped to what the controller needs.
  - name: kubeconfig
    hostPath:
      type: File
      path: /etc/kubernetes/zylevel0.conf
  # Per-pod scratch volume; its contents are removed with the pod.
  - name: tls-certs
    emptyDir: {}
