Google Git
Sign in
apache / yunikorn-release / 4a603530e3c8c692f6b12fa3d307a851b2b13152 / . / helm-charts / yunikorn / templates / admission-controller-deployment.yaml
blob: defc06d9ee3423b1fe33ce708b9393997ca1bb59 [file] [log] [blame]
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{ if .Values.embedAdmissionController }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: yunikorn-admission-controller
labels:
app: yunikorn
chart: {{ include "yunikorn.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- if .Values.admissionController.hostNetwork }}
strategy:
type: Recreate
{{- end }}
replicas: {{ .Values.admissionController.replicaCount }}
selector:
matchLabels:
app: yunikorn
component: yunikorn-admission-controller
release: {{ .Release.Name }}
template:
metadata:
name: yunikorn-admission-controller
labels:
app: yunikorn
component: yunikorn-admission-controller
release: {{ .Release.Name }}
{{- with .Values.admissionController.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.admissionController.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
serviceAccountName: {{ .Values.admissionController.serviceAccount }}
{{- with .Values.admissionController.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.admissionController.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.admissionController.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.admissionController.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: yunikorn-admission-controller
image: "{{ .Values.admissionController.image.repository }}:{{ .Values.admissionController.image.tag }}"
imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }}
resources:
requests:
cpu: {{ .Values.admissionController.resources.requests.cpu }}
memory: {{ .Values.admissionController.resources.requests.memory }}
limits:
cpu: {{ .Values.admissionController.resources.limits.cpu }}
memory: {{ .Values.admissionController.resources.limits.memory }}
volumeMounts:
- name: admission-controller-secrets
mountPath: /run/secrets/webhook
readOnly: true
env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- containerPort: 9089
name: webhook-api
startupProbe:
httpGet:
scheme: HTTPS
path: /health
port: webhook-api
failureThreshold: 30
periodSeconds: 10
readinessProbe:
httpGet:
scheme: HTTPS
path: /health
port: webhook-api
periodSeconds: 5
failureThreshold: 3
volumes:
- name: admission-controller-secrets
secret:
secretName: admission-controller-secrets
{{ end }}