helm-charts/yunikorn/templates/admission-controller-deployment.yaml

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

{{ if .Values.embedAdmissionController }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: yunikorn-admission-controller
  labels:
    app: yunikorn
    chart: {{ include "yunikorn.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.admissionController.replicaCount }}
  selector:
    matchLabels:
      app: yunikorn
      component: yunikorn-admission-controller
      release: {{ .Release.Name }}
  template:
    metadata:
      name: yunikorn-admission-controller
      labels:
        app: yunikorn
        component: yunikorn-admission-controller
        release: {{ .Release.Name }}
    spec:
      serviceAccountName: {{ .Values.admissionController.serviceAccount }}
      {{- with .Values.admissionController.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.admissionController.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.admissionController.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: yunikorn-admission-controller
          image: "{{ .Values.admissionController.image.repository }}:{{ .Values.admissionController.image.tag }}"
          imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }}
          resources:
            requests:
              cpu: {{ .Values.admissionController.resources.requests.cpu }}
              memory: {{ .Values.admissionController.resources.requests.memory }}
            limits:
              cpu: {{ .Values.admissionController.resources.limits.cpu }}
              memory: {{ .Values.admissionController.resources.limits.memory }}
          volumeMounts:
            - name: admission-controller-secrets
              mountPath: /run/secrets/webhook
              readOnly: true
          env:
          - name: POLICY_GROUP
            value: queues
          - name: ADMISSION_CONTROLLER_SERVICE
            value: yunikorn-admission-controller-service
          - name: ADMISSION_CONTROLLER_NAMESPACE_BLACKLIST
            value: "{{ .Values.admissionController.namespaceBlacklist }}"
          - name: SCHEDULER_SERVICE_ADDRESS
            value: "yunikorn-service:9080"
          - name: ENABLE_CONFIG_HOT_REFRESH
            value: "true"
          - name: ADMISSION_CONTROLLER_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          ports:
            - containerPort: 9089
              name: webhook-api
          startupProbe:
            httpGet:
              scheme: HTTPS
              path: /health
              port: webhook-api
            failureThreshold: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              scheme: HTTPS
              path: /health
              port: webhook-api
            periodSeconds: 5
            failureThreshold: 3
      volumes:
      - name: admission-controller-secrets
        secret:
          secretName: admission-controller-secrets
{{ end }}