apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "gcore-webhook.fullname" . }} labels: {{ include "gcore-webhook.labels" . | indent 4 }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app.kubernetes.io/name: {{ include "gcore-webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: app.kubernetes.io/name: {{ include "gcore-webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: serviceAccountName: {{ include "gcore-webhook.fullname" . }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - --tls-cert-file=/tls/tls.crt - --tls-private-key-file=/tls/tls.key - --secure-port={{ default 443 .Values.pod.securePort }} env: - name: GROUP_NAME value: {{ .Values.groupName | quote }} ports: - name: https containerPort: {{ default 443 .Values.pod.securePort }} protocol: TCP livenessProbe: httpGet: scheme: HTTPS path: /healthz port: https readinessProbe: httpGet: scheme: HTTPS path: /healthz port: https volumeMounts: - name: certs mountPath: /tls readOnly: true resources: {{- toYaml .Values.resources | nindent 12 }} volumes: - name: certs secret: secretName: {{ include "gcore-webhook.servingCertificate" . }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }}