vynil/addons
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
unstable
addons/workflow/tekton-pipelines/apps_v1_Deployment_tekton-pipelines-webhook.yaml
Sébastien Huss 451fdb09fc Initial release
2024-03-20 06:56:44 +01:00

164 lines
6.7 KiB
YAML
Raw Permalink Blame History

# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
# Note: the Deployment name must be the same as the Service name specified in
# config/400-webhook-service.yaml. If you change this name, you must also
# change the value of WEBHOOK_SERVICE_NAME below.
name: tekton-pipelines-webhook
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.57.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.57.0"
# labels below are related to istio and should not be used for resource lookup
version: "v0.57.0"
spec:
selector:
matchLabels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
template:
metadata:
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "v0.57.0"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "v0.57.0"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-webhook
version: "v0.57.0"
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: NotIn
values:
- windows
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: tekton-pipelines-webhook
containers:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.57.0@sha256:23cbd3301ff967151230f4fc2540110338ecf062583e6456d9dc905db9f08350
# Resource request required for autoscaler to take any action for a metric
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# If you are changing these names, you will also need to update
# the webhook's Role in 200-role.yaml to include the new
# values in the "configmaps" "get" rule.
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: CONFIG_LEADERELECTION_NAME
value: config-leader-election-webhook
- name: CONFIG_FEATURE_FLAGS_NAME
value: feature-flags
# If you change PROBES_PORT, you will also need to change the
# containerPort "probes" to the same value.
- name: PROBES_PORT
value: "8080"
# If you change WEBHOOK_PORT, you will also need to change the
# containerPort "https-webhook" to the same value.
- name: WEBHOOK_PORT
value: "8443"
# if you change WEBHOOK_ADMISSION_CONTROLLER_NAME, you will also need to update
# the webhooks.name in 500-webhooks.yaml to include the new names of admission webhooks.
# Additionally, you will also need to change the resource names (metadata.name) of
# "MutatingWebhookConfiguration" and "ValidatingWebhookConfiguration" in 500-webhooks.yaml
# to reflect the change in the name of the admission webhook.
# Followed by changing the webhook's Role in 200-clusterrole.yaml to update the "resourceNames" of
# "mutatingwebhookconfigurations" and "validatingwebhookconfigurations" resources.
- name: WEBHOOK_ADMISSION_CONTROLLER_NAME
value: webhook.pipeline.tekton.dev
- name: WEBHOOK_SERVICE_NAME
value: tekton-pipelines-webhook
- name: WEBHOOK_SECRET_NAME
value: webhook-certs
- name: METRICS_DOMAIN
value: tekton.dev/pipeline
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
# User 65532 is the distroless nonroot user ID
runAsUser: 65532
runAsGroup: 65532
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
# This must match the value of the environment variable WEBHOOK_PORT.
- name: https-webhook
containerPort: 8443
# This must match the value of the environment variable PROBES_PORT.
- name: probes
containerPort: 8080
livenessProbe:
httpGet:
path: /health
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readiness
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
Reference in New Issue View Git Blame Copy Permalink