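{{ if (eq .NodeRole "controlplane") -}}
# Pod manifest for the k8s-admission controller. The whole document is emitted
# only when the template's .NodeRole equals "controlplane".
#
# NOTE(review): no securityContext is set at pod or container level, so user,
# capabilities and root-filesystem writability fall back to the image and
# runtime defaults. Given the host credentials mounted below, consider setting
# one explicitly (allowPrivilegeEscalation: false, dropped capabilities, etc.).
apiVersion: v1
kind: Pod
metadata:
  name: k8s-admission
  namespace: kube-system
  labels:
    platform.edge.ncr.com/component: k8s-admission
    run: k8s-admission
  annotations:
    prometheus.io/path: /metrics
    # NOTE(review): this names a port "http-metrics", but the only named
    # container port below is "metrics" (9086) - confirm the scrape config
    # resolves it.
    prometheus.io/port: http-metrics
    prometheus.io/scrape: "true"
spec:
  # The pod shares the node's network namespace, so ports 8543 and 9086 are
  # opened on the node itself. NOTE(review): confirm host firewalling limits
  # who can reach the webhook and metrics listeners.
  hostNetwork: true
  terminationGracePeriodSeconds: 30
  dnsPolicy: ClusterFirstWithHostNet
  hostname: k8s-admissions-controller
  initContainers:
    # Runs /root/generate-tls.sh with the CA certificate and CA private key
    # from /etc/kubernetes/pki mounted in; presumably it writes the serving
    # certificate into the shared tls-certs volume - confirm against the script.
    - name: init-admission-controller-tls-generate
      # Quoted so an empty or odd-looking template value cannot be re-typed
      # by the YAML parser.
      image: "{{ .AdmissionInitImage }}"
      command: ["/bin/sh", "/root/generate-tls.sh"]
      volumeMounts:
        - name: ca-cert
          mountPath: /etc/ca/ca.crt
          readOnly: true
        # CA private key: mounted read-only so this container cannot alter
        # or replace the host's copy.
        - name: ca-key
          mountPath: /etc/ca/ca.key
          readOnly: true
        # Writable emptyDir shared with the main container at the same path.
        - name: tls-certs
          mountPath: /var/certs
  containers:
    - args:
        - run
      image: "{{ .Image }}"
      name: k8s-admission
      resources:
        limits:
          cpu: "100m"
          memory: 150Mi
        requests:
          cpu: 10m
          memory: 15Mi
      volumeMounts:
        - name: ca-cert
          mountPath: /ca/ca.crt
          readOnly: true
        - name: tls-certs
          mountPath: /var/certs
        # Host directory that holds the key referenced by COSIGN_PUB_KEY.
        # NOTE(review): it is mounted writable and created on the host if
        # missing; whoever can write here controls the key the controller
        # trusts. Make it read-only if the controller never writes keys itself.
        - name: cosign
          mountPath: /data/admission/public-keys
        # NOTE(review): host kubeconfig mounted into the container; confirm
        # the identity in /etc/kubernetes/zylevel0.conf is scoped to what the
        # controller needs, and add readOnly: true if the client never
        # rewrites the file.
        - name: kubeconfig
          mountPath: /root/.kube/config
        # etcd PKI directory from the host, read-only: the container gets the
        # material but cannot modify the host's copy.
        # NOTE(review): confirm the controller needs direct etcd credentials.
        - name: etcd-certs
          mountPath: /etc/kubernetes/pki/etcd/
          readOnly: true
      imagePullPolicy: IfNotPresent
      ports:
        - containerPort: 8543
          protocol: TCP
        - name: metrics
          protocol: TCP
          containerPort: 9086
      env:
        - name: KUBECONFIG
          value: /root/.kube/config
        - name: PULLSECRET_NAMESPACE
          value: external-secrets
        - name: PULLSECRET_NAME
          value: edge-docker-pull-secret
        - name: WEBHOOK_NAME
          value: admission
        - name: WEBHOOK_DOMAIN
          value: edge.ncr.com
        - name: OLD_WEBHOOK_NAME
          value: admission-old
        # Path inside the cosign hostPath mount above.
        - name: COSIGN_PUB_KEY
          value: /data/admission/public-keys/us-east1-docker.pkg.dev/edge-production.crt
  volumes:
    - name: tls-certs
      emptyDir: {}
    - name: cosign
      hostPath:
        type: DirectoryOrCreate
        path: /data/admission/public-keys
    - name: kubeconfig
      hostPath:
        type: File
        path: /etc/kubernetes/zylevel0.conf
    - name: ca-cert
      hostPath:
        type: File
        path: /etc/kubernetes/pki/ca.crt
    - name: ca-key
      hostPath:
        type: File
        path: /etc/kubernetes/pki/ca.key
    - name: etcd-certs
      hostPath:
        type: Directory
        path: /etc/kubernetes/pki/etcd/
{{ end -}}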