mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-05-18 23:29:40 +00:00
59 lines
1.4 KiB
YAML
59 lines
1.4 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: work-webhook
|
|
labels:
|
|
app: work-webhook
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: work-webhook
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: work-webhook
|
|
spec:
|
|
serviceAccountName: work-webhook-sa
|
|
containers:
|
|
- name: work-webhook
|
|
image: quay.io/open-cluster-management/work:latest
|
|
imagePullPolicy: IfNotPresent
|
|
args:
|
|
- "/work"
|
|
- "webhook-server"
|
|
- "port=9443"
|
|
# enable NilExecutorValidating for e2e
|
|
- "--feature-gates=NilExecutorValidating=true"
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
runAsNonRoot: true
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
scheme: HTTP
|
|
port: 8000
|
|
initialDelaySeconds: 2
|
|
periodSeconds: 10
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
scheme: HTTP
|
|
port: 8000
|
|
initialDelaySeconds: 2
|
|
ports:
|
|
- containerPort: 9443
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
name: webhook-secret
|
|
readOnly: true
|
|
volumes:
|
|
- name: webhook-secret
|
|
secret:
|
|
secretName: work-webhook-serving-cert
|