| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| {{ if .Values.embedAdmissionController }} |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: yunikorn-admission-controller |
| labels: |
| app: yunikorn |
| chart: {{ include "yunikorn.chart" . }} |
| release: {{ .Release.Name }} |
| heritage: {{ .Release.Service }} |
| spec: |
| {{- if .Values.admissionController.hostNetwork }} |
| strategy: |
| type: Recreate |
| {{- end }} |
| replicas: {{ .Values.admissionController.replicaCount }} |
| selector: |
| matchLabels: |
| app: yunikorn |
| component: yunikorn-admission-controller |
| release: {{ .Release.Name }} |
| template: |
| metadata: |
| name: yunikorn-admission-controller |
| labels: |
| app: yunikorn |
| component: yunikorn-admission-controller |
| release: {{ .Release.Name }} |
| {{- with .Values.admissionController.podLabels }} |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| spec: |
| {{- if .Values.admissionController.hostNetwork }} |
| hostNetwork: true |
| dnsPolicy: ClusterFirstWithHostNet |
| {{- end }} |
| {{- if .Values.imagePullSecrets }} |
| imagePullSecrets: |
| {{- range .Values.imagePullSecrets }} |
| - name: {{ . }} |
| {{- end }} |
| {{- end }} |
| serviceAccountName: {{ .Values.admissionController.serviceAccount }} |
| {{- with .Values.admissionController.nodeSelector }} |
| nodeSelector: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.admissionController.affinity }} |
| affinity: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| {{- with .Values.admissionController.priorityClassName }} |
| priorityClassName: {{ . }} |
| {{- end }} |
| {{- with .Values.admissionController.tolerations }} |
| tolerations: |
| {{- toYaml . | nindent 8 }} |
| {{- end }} |
| containers: |
| - name: yunikorn-admission-controller |
| image: "{{ .Values.admissionController.image.repository }}:{{ .Values.admissionController.image.tag }}" |
| imagePullPolicy: {{ .Values.admissionController.image.pullPolicy }} |
| resources: |
| requests: |
| cpu: {{ .Values.admissionController.resources.requests.cpu }} |
| memory: {{ .Values.admissionController.resources.requests.memory }} |
| limits: |
| cpu: {{ .Values.admissionController.resources.limits.cpu }} |
| memory: {{ .Values.admissionController.resources.limits.memory }} |
| volumeMounts: |
| - name: admission-controller-secrets |
| mountPath: /run/secrets/webhook |
| readOnly: true |
| env: |
| - name: NAMESPACE |
| valueFrom: |
| fieldRef: |
| fieldPath: metadata.namespace |
| ports: |
| - containerPort: 9089 |
| name: webhook-api |
| startupProbe: |
| httpGet: |
| scheme: HTTPS |
| path: /health |
| port: webhook-api |
| failureThreshold: 30 |
| periodSeconds: 10 |
| readinessProbe: |
| httpGet: |
| scheme: HTTPS |
| path: /health |
| port: webhook-api |
| periodSeconds: 5 |
| failureThreshold: 3 |
| volumes: |
| - name: admission-controller-secrets |
| secret: |
| secretName: admission-controller-secrets |
| {{ end }} |