2021-02-26 21:25:43 +00:00
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
2020-12-18 00:46:15 +00:00
apiVersion : batch/v1
kind : Job
metadata :
name : {{ template "kube-prometheus-stack.fullname" . }}-admission-create
namespace : {{ template "kube-prometheus-stack.namespace" . }}
annotations :
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
labels :
app : {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
spec :
{{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }}
# Alpha feature since k8s 1.12
ttlSecondsAfterFinished : 0
{{- end }}
template :
metadata :
name : {{ template "kube-prometheus-stack.fullname" . }}-admission-create
{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }}
annotations :
{{ toYaml . | indent 8 }}
{{- end }}
labels :
app : {{ template "kube-prometheus-stack.name" $ }}-admission-create
{{- include "kube-prometheus-stack.labels" $ | indent 8 }}
spec :
{{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
priorityClassName : {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }}
{{- end }}
containers :
- name : create
{{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
image : {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }}
{{- else }}
image : {{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}
{{- end }}
imagePullPolicy : {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }}
args :
- create
- --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc
- --namespace={{ template "kube-prometheus-stack.namespace" . }}
- --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission
resources :
{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }}
restartPolicy : OnFailure
serviceAccountName : {{ template "kube-prometheus-stack.fullname" . }}-admission
{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }}
nodeSelector :
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }}
affinity :
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }}
tolerations :
{{ toYaml . | indent 8 }}
{{- end }}
securityContext :
runAsGroup : 2000
runAsNonRoot : true
runAsUser : 2000
{{- end }}