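{{- if .Values.createNamespaceMetadataJob}}
# Helm post-install hook Job for the multicluster extension. It runs the
# namespace-metadata image once against the release namespace.
# NOTE(review): what the binary changes on the namespace is defined in the
# image, not in this template - confirm against the image source.
apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    {{ include "partials.annotations.created-by" . }}
    "helm.sh/hook": post-install
    "helm.sh/hook-weight": "1"
    # A previous hook Job is removed before a new one is created, and the Job
    # is removed once it succeeds. A failed Job is kept for inspection.
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
  labels:
    linkerd.io/extension: multicluster
    app.kubernetes.io/name: namespace-metadata
    app.kubernetes.io/part-of: Linkerd
    # Quoted so a version that looks numeric stays a string label value.
    app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion | quote}}
    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
  name: namespace-metadata
  # Quoted: a namespace named like a YAML boolean, null or number would
  # otherwise be rendered as a non-string and rejected by the API server.
  namespace: {{.Release.Namespace | quote}}
spec:
  template:
    metadata:
      annotations:
        {{ include "partials.annotations.created-by" . }}
        # Opts this pod out of Linkerd proxy injection.
        linkerd.io/inject: disabled
      labels:
        linkerd.io/extension: multicluster
        app.kubernetes.io/name: namespace-metadata
        app.kubernetes.io/part-of: Linkerd
        app.kubernetes.io/version: {{default .Values.linkerdVersion .Values.cliVersion | quote}}
        {{- with .Values.podLabels }}{{ toYaml . | trim | nindent 8 }}{{- end }}
    spec:
      {{- with .Values.namespaceMetadata.nodeSelector }}
      nodeSelector: {{ toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.namespaceMetadata.tolerations }}
      tolerations: {{ toYaml . | nindent 6 }}
      {{- end }}
      restartPolicy: Never
      # Pod-level seccomp default; the container repeats it explicitly below.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      # NOTE(review): the ServiceAccount and its RBAC are defined outside this
      # template. Confirm the role grants only what this Job needs.
      serviceAccountName: namespace-metadata
      containers:
      - name: namespace-metadata
        # NOTE(review): the image is referenced by tag. A tag can be re-pointed
        # in the registry, so the hook may run different code between installs.
        # A values-side digest pin avoids that.
        image: {{.Values.namespaceMetadata.image.registry}}/{{.Values.namespaceMetadata.image.name}}:{{.Values.namespaceMetadata.image.tag}}
        imagePullPolicy: {{.Values.namespaceMetadata.image.pullPolicy | default .Values.imagePullPolicy}}
        # Restricted container profile: no privilege escalation, every Linux
        # capability dropped, read-only root filesystem, non-root user.
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          # UID and GID are taken from the gateway values and must render as
          # integers, so they are left unquoted. With runAsNonRoot set, the
          # kubelet refuses to start the container if the UID is 0.
          runAsUser: {{.Values.gateway.UID}}
          runAsGroup: {{.Values.gateway.GID}}
          seccompProfile:
            type: RuntimeDefault
        args:
        - --extension
        - multicluster
        - --namespace
        # Container args must be strings, so both namespace values are quoted.
        - {{.Release.Namespace | quote}}
        - --linkerd-namespace
        - {{.Values.linkerdNamespace | quote}}
{{- end }}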