apiVersion: batch/v1 kind: Job metadata: labels: component: admission-webhook app: ingress-nginx name: ingress-nginx-admission-create namespace: ingress-nginx spec: template: metadata: labels: component: admission-webhook app: ingress-nginx name: ingress-nginx-admission-create spec: containers: - args: - create - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc - --namespace=$(POD_NAMESPACE) - --secret-name=ingress-nginx-admission env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/kube-webhook-certgen:v1.4.3 #image: harbor.uenpay.com/base/kube-webhook-certgen:v1.4.3 imagePullPolicy: IfNotPresent name: create securityContext: allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 serviceAccountName: ingress-nginx-admission --- apiVersion: batch/v1 kind: Job metadata: labels: component: admission-webhook app: ingress-nginx name: ingress-nginx-admission-patch namespace: ingress-nginx spec: template: metadata: labels: component: admission-webhook app: ingress-nginx name: ingress-nginx-admission-patch spec: containers: - args: - patch - --webhook-name=ingress-nginx-admission - --namespace=$(POD_NAMESPACE) - --patch-mutating=false - --secret-name=ingress-nginx-admission - --patch-failure-policy=Fail env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: registry.cn-hangzhou.aliyuncs.com/zhengyu1992/kube-webhook-certgen:v1.4.3 #image: harbor.uenpay.com/base/kube-webhook-certgen:v1.4.3 imagePullPolicy: IfNotPresent name: patch securityContext: allowPrivilegeEscalation: false nodeSelector: kubernetes.io/os: linux restartPolicy: OnFailure securityContext: fsGroup: 2000 runAsNonRoot: true runAsUser: 2000 serviceAccountName: ingress-nginx-admission