forked from tektoncd/pipeline
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathwebhook.yaml
179 lines (178 loc) · 6.09 KB
/
webhook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# Copyright 2020 The Tekton Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
# Note: the Deployment name must be the same as the Service name specified in
# config/400-webhook-service.yaml. If you change this name, you must also
# change the value of WEBHOOK_SERVICE_NAME below.
name: tekton-pipelines-webhook
namespace: tekton-pipelines
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "devel"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "devel"
# labels below are related to istio and should not be used for resource lookup
version: "devel"
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
template:
metadata:
annotations:
cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "devel"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "devel"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-webhook
version: "devel"
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/os
operator: NotIn
values:
- windows
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines
topologyKey: kubernetes.io/hostname
weight: 100
serviceAccountName: tekton-pipelines-webhook
containers:
- name: webhook
# This is the Go import path for the binary that is containerized
# and substituted here.
image: ko://github.com/tektoncd/pipeline/cmd/webhook
# Resource request required for autoscaler to take any action for a metric
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 500m
memory: 500Mi
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# If you are changing these names, you will also need to update
# the webhook's Role in 200-role.yaml to include the new
# values in the "configmaps" "get" rule.
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: CONFIG_LEADERELECTION_NAME
value: config-leader-election
- name: WEBHOOK_SERVICE_NAME
value: tekton-pipelines-webhook
- name: WEBHOOK_SECRET_NAME
value: webhook-certs
- name: METRICS_DOMAIN
value: tekton.dev/pipeline
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
# User 65532 is the distroless nonroot user ID
runAsUser: 65532
runAsGroup: 65532
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
- name: https-webhook
containerPort: 8443
- name: probes
containerPort: 8080
livenessProbe:
httpGet:
path: /health
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readiness
port: probes
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/version: "devel"
app.kubernetes.io/part-of: tekton-pipelines
# tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml
pipeline.tekton.dev/release: "devel"
# labels below are related to istio and should not be used for resource lookup
app: tekton-pipelines-webhook
version: "devel"
name: tekton-pipelines-webhook
namespace: tekton-pipelines
spec:
ports:
# Define metrics and profiling for them to be accessible within service meshes.
- name: http-metrics
port: 9090
targetPort: 9090
- name: http-profiling
port: 8008
targetPort: 8008
- name: https-webhook
port: 443
targetPort: 8443
- name: probes
port: 8080
selector:
app.kubernetes.io/name: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: default
app.kubernetes.io/part-of: tekton-pipelines