1# Copyright 2022 Google LLC
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: ServiceAccount
17metadata:
18 name: webhook-manager
19---
20apiVersion: apps/v1
21kind: Deployment
22metadata:
23 name: webhook-manager
24 labels:
25 cnrm.cloud.google.com/component: cnrm-webhook-manager
26spec:
27 revisionHistoryLimit: 1
28 selector:
29 matchLabels:
30 cnrm.cloud.google.com/component: cnrm-webhook-manager
31 template:
32 metadata:
33 labels:
34 cnrm.cloud.google.com/component: cnrm-webhook-manager
35 spec:
36 serviceAccountName: webhook-manager
37 containers:
38 - command:
39 - /configconnector/webhook
40 image: webhook:latest
41 imagePullPolicy: Always
42 env:
43 - name: NAMESPACE
44 valueFrom:
45 fieldRef:
46 fieldPath: metadata.namespace
47 name: webhook
48 ports:
49 # Port used for readiness probe
50 - containerPort: 23232
51 resources:
52 requests:
53 # This value was tuned to run on a GKE cluster with
54 # default node settings. Increasing this value may
55 # result in a backwards-incompatible change that breaks
56 # add-on updates by not allowing new versions to schedule themselves.
57 cpu: 250m
58 memory: 128Mi
59 limits:
60 memory: 128Mi
61 securityContext:
62 privileged: false
63 runAsUser: 1000
64 runAsNonRoot: true
65 allowPrivilegeEscalation: false
66 readinessProbe:
67 httpGet:
68 path: /ready
69 port: 23232
70 initialDelaySeconds: 7
71 periodSeconds: 3
72 enableServiceLinks: false
73 terminationGracePeriodSeconds: 10
View as plain text