mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-04-27 11:31:05 +00:00
4c58478536
Move the f15be37d9bef58a0128bcba006f8abb3ea13e8da version of scripts required for openshift-ci from "kata-containers/tests/.ci/openshift-ci" into "kata-containers/kata-containers/ci/openshift-ci" and required webhook+libs into "kata-containers/kata-containers/tools/testing" as is to simplify verification, the different location handling will be added in following commit. Signed-off-by: Lukáš Doktor <ldoktor@redhat.com>
70 lines
1.7 KiB
YAML
70 lines
1.7 KiB
YAML
# Copyright (c) 2019 Intel Corporation
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pod-annotate-webhook
|
|
labels:
|
|
app: pod-annotate-webhook
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: pod-annotate-webhook
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: pod-annotate-webhook
|
|
spec:
|
|
containers:
|
|
- name: pod-annotate-webhook
|
|
image: quay.io/kata-containers/kata-webhook-example:latest
|
|
imagePullPolicy: Always
|
|
env:
|
|
- name: RUNTIME_CLASS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: kata-webhook
|
|
key: runtime_class
|
|
optional: true
|
|
args:
|
|
- -tls-cert-file=/etc/webhook/certs/cert.pem
|
|
- -tls-key-file=/etc/webhook/certs/key.pem
|
|
- -exclude-namespaces=rook-ceph-system,rook-ceph
|
|
volumeMounts:
|
|
- name: webhook-certs
|
|
mountPath: /etc/webhook/certs
|
|
readOnly: true
|
|
resources:
|
|
requests:
|
|
cpu: "100m"
|
|
memory: "250Mi"
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
runAsNonRoot: true
|
|
runAsUser: 1000
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumes:
|
|
- name: webhook-certs
|
|
secret:
|
|
secretName: pod-annotate-webhook-certs
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: pod-annotate-webhook
|
|
labels:
|
|
app: pod-annotate-webhook
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
targetPort: 8080
|
|
selector:
|
|
app: pod-annotate-webhook
|