apiVersion: apps/v1 kind: Deployment metadata: labels: {{- include "nexus-operator.labels" . | nindent 4 }} {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} name: {{ .Values.name }} spec: replicas: 1 selector: matchLabels: name: {{ .Values.name }} template: metadata: labels: name: {{ .Values.name }} spec: serviceAccountName: edp-{{ .Values.name }} securityContext: runAsNonRoot: true containers: - name: {{ .Values.name }} # Replace this with the built image name image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }} ports: - containerPort: 9443 name: webhook-server protocol: TCP volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true imagePullPolicy: "{{ .Values.imagePullPolicy }}" command: - /manager securityContext: allowPrivilegeEscalation: false env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: cert secret: defaultMode: 420 secretName: edp-nexus-operator-webhook-certs