| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| {{ if .Values.embedAdmissionController }} |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: yunikorn-admission-controller |
| labels: |
| app: yunikorn |
| chart: {{ include "yunikorn.chart" . }} |
| release: {{ .Release.Name }} |
| heritage: {{ .Release.Service }} |
| spec: |
| replicas: {{ .Values.admissionController.replicaCount }} |
| selector: |
| matchLabels: |
| app: yunikorn |
| component: yunikorn-admission-controller |
| release: {{ .Release.Name }} |
| template: |
| metadata: |
| name: yunikorn-admission-controller |
| labels: |
| app: yunikorn |
| component: yunikorn-admission-controller |
| release: {{ .Release.Name }} |
| spec: |
| serviceAccountName: {{ .Values.admissionController.serviceAccount }} |
| {{- with .Values.admissionController.nodeSelector }} |
| nodeSelector: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.admissionController.affinity }} |
| affinity: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.admissionController.tolerations }} |
| tolerations: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| containers: |
| - name: yunikorn-admission-controller |
| image: "{{ .Values.admissionController.image.repository }}:{{ .Values.admissionController.image.tag }}" |
| imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }} |
| resources: |
| requests: |
| cpu: {{ .Values.admissionController.resources.requests.cpu }} |
| memory: {{ .Values.admissionController.resources.requests.memory }} |
| limits: |
| cpu: {{ .Values.admissionController.resources.limits.cpu }} |
| memory: {{ .Values.admissionController.resources.limits.memory }} |
| volumeMounts: |
| - name: admission-controller-secrets |
| mountPath: /run/secrets/webhook |
| readOnly: true |
| env: |
| - name: POLICY_GROUP |
| value: queues |
| - name: ADMISSION_CONTROLLER_SERVICE |
| value: yunikorn-admission-controller-service |
| - name: ADMISSION_CONTROLLER_NAMESPACE_BLACKLIST |
| value: "{{ .Values.admissionController.namespaceBlacklist }}" |
| - name: SCHEDULER_SERVICE_ADDRESS |
| value: "yunikorn-service:9080" |
| - name: ENABLE_CONFIG_HOT_REFRESH |
| value: "true" |
| - name: ADMISSION_CONTROLLER_NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| ports: |
| - containerPort: 9089 |
| name: webhook-api |
| startupProbe: |
| httpGet: |
| scheme: HTTPS |
| path: /health |
| port: webhook-api |
| failureThreshold: 30 |
| periodSeconds: 10 |
| readinessProbe: |
| httpGet: |
| scheme: HTTPS |
| path: /health |
| port: webhook-api |
| periodSeconds: 5 |
| failureThreshold: 3 |
| volumes: |
| - name: admission-controller-secrets |
| secret: |
| secretName: admission-controller-secrets |
| {{ end }} |