---
# Pod manifest for the k8s-admission controller (namespace secure-delivery).
# An init container runs /root/generate-tls.sh with the cluster CA certificate
# and CA private key mounted; the main container then runs with a cosign
# public-key path, a kubeconfig and the node's etcd PKI directory mounted.
#
# NOTE(review): this manifest sets no securityContext at pod or container
# level, and none of the volumeMounts sets readOnly. Every hostPath below
# points at node credential material, so confirm which mounts really need
# write access and mark the rest `readOnly: true`.
apiVersion: v1
kind: Pod
metadata:
  name: k8s-admission
  namespace: secure-delivery
  labels:
    run: k8s-admission
    app.kubernetes.io/component: k8s-admission-controller
    app.kubernetes.io/managed-by: nodeagent
    app.kubernetes.io/name: k8s-admission-controller
    app.kubernetes.io/part-of: secure-delivery
    platform.edge.ncr.com/component: k8s-admission-controller
  annotations:
    prometheus.io/path: /metrics
    # NOTE(review): no containerPort in this manifest is named http-metrics
    # (the only declared port is the unnamed 8543); confirm the scrape
    # configuration can resolve this value.
    prometheus.io/port: http-metrics
    prometheus.io/scrape: "true"
    # Provenance annotations: build timestamp, source revision and version.
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: k8s-admission-controller
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-minions'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  terminationGracePeriodSeconds: 30
  # hostNetwork places the pod in the node's network namespace, so the
  # listener on 8543 is a node-level socket. ClusterFirstWithHostNet keeps
  # cluster DNS resolution for a hostNetwork pod.
  dnsPolicy: ClusterFirstWithHostNet
  hostNetwork: true
  hostname: k8s-admissions-controller
  initContainers:
    # The only container that mounts the CA private key (ca-key). Its output
    # presumably lands in the tls-certs emptyDir shared with k8s-admission;
    # confirm against generate-tls.sh.
    - name: init-admission-controller-tls-generate
      # Image is pinned by digest rather than by tag.
      image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/admission_tls_generate@sha256:25f705c1603fb72ef291517afc636fa1a4d4a0a358790c6dc644bcc2ad739207
      command:
        - "/bin/sh"
        - "/root/generate-tls.sh"
      volumeMounts:
        - name: ca-cert
          mountPath: /etc/ca/ca.crt
        - name: ca-key
          mountPath: /etc/ca/ca.key
        - name: tls-certs
          mountPath: /var/certs
  containers:
    - name: k8s-admission
      # Image is pinned by digest rather than by tag.
      image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/admission@sha256:bd5a3e3081e4bf2391c5371af7fa2a86546fe6b6380164c8ae054e1fe064db5d
      args:
        - run
      ports:
        - protocol: TCP
          containerPort: 8543
      env:
        # Points at the kubeconfig volume mounted below.
        # NOTE(review): the privileges of this credential are not visible
        # here; confirm it is scoped to what the webhook needs.
        - name: KUBECONFIG
          value: /root/.kube/config
        - name: PULLSECRET_NAMESPACE
          value: external-secrets
        - name: PULLSECRET_NAME
          value: edge-docker-pull-secret
        - name: WEBHOOK_NAME
          value: admission
        - name: WEBHOOK_DOMAIN
          value: edge.ncr.com
        - name: OLD_WEBHOOK_NAME
          value: admission-old
        # Path inside the cosign volume mounted at /data/admission/public-keys.
        - name: COSIGN_PUB_KEY
          value: /data/admission/public-keys/us-east1-docker.pkg.dev/edge-production.crt
      resources:
        limits:
          cpu: "100m"
          memory: 150Mi
        requests:
          cpu: 10m
          memory: 15Mi
      volumeMounts:
        # The main container gets the CA certificate but not the CA key.
        - name: ca-cert
          mountPath: /ca/ca.crt
        - name: tls-certs
          mountPath: /var/certs
        # NOTE(review): this directory backs the key named in COSIGN_PUB_KEY;
        # if the controller only reads it, a read-only mount keeps the
        # container from replacing the key.
        - name: cosign
          mountPath: /data/admission/public-keys
        - name: kubeconfig
          mountPath: /root/.kube/config
        # NOTE(review): why the admission container needs the etcd PKI
        # directory is not visible in this manifest; confirm the mount is
        # required, and narrow it to specific files if it is.
        - name: etcd-certs
          mountPath: /etc/kubernetes/pki/etcd/
      imagePullPolicy: IfNotPresent
  volumes:
    # hostPath type File / Directory requires the path to already exist on
    # the node; DirectoryOrCreate creates the directory when it is missing.
    - name: ca-cert
      hostPath:
        type: File
        path: /etc/kubernetes/pki/ca.crt
    # Cluster CA private key; mounted only by the init container.
    - name: ca-key
      hostPath:
        type: File
        path: /etc/kubernetes/pki/ca.key
    - name: cosign
      hostPath:
        type: DirectoryOrCreate
        path: /data/admission/public-keys
    - name: etcd-certs
      hostPath:
        type: Directory
        path: /etc/kubernetes/pki/etcd/
    - name: kubeconfig
      hostPath:
        type: File
        path: /etc/kubernetes/zylevel0.conf
    # Pod-lifetime scratch volume shared by the init and main containers.
    # NOTE(review): the default emptyDir medium is node-backed storage; if
    # the generated key material should stay off disk, `medium: Memory` is
    # an option.
    - name: tls-certs
      emptyDir: {}