1apiVersion: v1
2kind: Pod
3metadata:
4 name: k8s-admission
5 namespace: secure-delivery
6 labels:
7 run: k8s-admission
8 app.kubernetes.io/component: k8s-admission-controller
9 app.kubernetes.io/managed-by: nodeagent
10 app.kubernetes.io/name: k8s-admission-controller
11 app.kubernetes.io/part-of: secure-delivery
12 platform.edge.ncr.com/component: k8s-admission-controller
13 annotations:
14 prometheus.io/path: /metrics
15 prometheus.io/port: http-metrics
16 prometheus.io/scrape: "true"
17 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
18 pallet.edge.ncr.com/name: k8s-admission-controller
19 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
20 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
21 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-minions'
22 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
23spec:
24 terminationGracePeriodSeconds: 30
25 dnsPolicy: ClusterFirstWithHostNet
26 hostNetwork: true
27 hostname: k8s-admissions-controller
28 initContainers:
29 - name: init-admission-controller-tls-generate
30 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/admission_tls_generate@sha256:25f705c1603fb72ef291517afc636fa1a4d4a0a358790c6dc644bcc2ad739207
31 command: ["/bin/sh", "/root/generate-tls.sh"]
32 volumeMounts:
33 - name: ca-cert
34 mountPath: /etc/ca/ca.crt
35 - name: ca-key
36 mountPath: /etc/ca/ca.key
37 - name: tls-certs
38 mountPath: /var/certs
39 containers:
40 - name: k8s-admission
41 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/admission@sha256:bd5a3e3081e4bf2391c5371af7fa2a86546fe6b6380164c8ae054e1fe064db5d
42 args:
43 - run
44 ports:
45 - protocol: TCP
46 containerPort: 8543
47 env:
48 - name: KUBECONFIG
49 value: /root/.kube/config
50 - name: PULLSECRET_NAMESPACE
51 value: external-secrets
52 - name: PULLSECRET_NAME
53 value: edge-docker-pull-secret
54 - name: WEBHOOK_NAME
55 value: admission
56 - name: WEBHOOK_DOMAIN
57 value: edge.ncr.com
58 - name: OLD_WEBHOOK_NAME
59 value: admission-old
60 - name: COSIGN_PUB_KEY
61 value: /data/admission/public-keys/us-east1-docker.pkg.dev/edge-production.crt
62 resources:
63 limits:
64 cpu: "100m"
65 memory: 150Mi
66 requests:
67 cpu: 10m
68 memory: 15Mi
69 volumeMounts:
70 - name: ca-cert
71 mountPath: /ca/ca.crt
72 - name: tls-certs
73 mountPath: /var/certs
74 - name: cosign
75 mountPath: /data/admission/public-keys
76 - name: kubeconfig
77 mountPath: /root/.kube/config
78 - name: etcd-certs
79 mountPath: /etc/kubernetes/pki/etcd/
80 imagePullPolicy: IfNotPresent
81 volumes:
82 - name: ca-cert
83 hostPath:
84 type: File
85 path: /etc/kubernetes/pki/ca.crt
86 - name: ca-key
87 hostPath:
88 type: File
89 path: /etc/kubernetes/pki/ca.key
90 - name: cosign
91 hostPath:
92 type: DirectoryOrCreate
93 path: /data/admission/public-keys
94 - name: etcd-certs
95 hostPath:
96 type: Directory
97 path: /etc/kubernetes/pki/etcd/
98 - name: kubeconfig
99 hostPath:
100 type: File
101 path: /etc/kubernetes/zylevel0.conf
102 - name: tls-certs
103 emptyDir: {}
View as plain text