smartxworks/kopilot

apiVersion: apps/v1
kind: Deployment
metadata:
  name: kopilot-webhook
  namespace: kopilot-system
spec:
  selector:
    matchLabels:
      name: kopilot-webhook
  template:
    metadata:
      labels:
        name: kopilot-webhook
    spec:
      serviceAccountName: kopilot-webhook
      containers:
        - name: kopilot-webhook
          image: kopilot-webhook
          ports:
            - containerPort: 9443
          volumeMounts:
            - name: cert
              mountPath: /tmp/k8s-webhook-server/serving-certs
              readOnly: true
      volumes:
        - name: cert
          secret:
            secretName: kopilot-webhook-cert
            defaultMode: 420
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kopilot-webhook
  namespace: kopilot-system
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kopilot-webhook-cert
  namespace: kopilot-system
spec:
  issuerRef:
    kind: Issuer
    name: kopilot-cert-issuer
  dnsNames:
    - kopilot-webhook.kopilot-system.svc
    - kopilot-webhook.kopilot-system.svc.cluster.local
  secretName: kopilot-webhook-cert
---
apiVersion: v1
kind: Service
metadata:
  name: kopilot-webhook
  namespace: kopilot-system
spec:
  selector:
    name: kopilot-webhook
  ports:
    - port: 443
      targetPort: 9443