apiVersion: apps/v1 kind: Deployment metadata: annotations: deployment.kubernetes.io/revision: "1" meta.helm.sh/release-name: cert-manager meta.helm.sh/release-namespace: cert-manager creationTimestamp: "2026-04-07T12:52:32Z" generation: 1 labels: app: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.11.5 helm.sh/chart: cert-manager-v1.11.5 name: cert-manager-webhook namespace: cert-manager resourceVersion: "1141" uid: f29f538b-4d15-41b4-adc1-da788c6a57e2 spec: progressDeadlineSeconds: 600 replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/name: webhook strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: creationTimestamp: null labels: app: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook app.kubernetes.io/version: v1.11.5 helm.sh/chart: cert-manager-v1.11.5 spec: containers: - args: - --v=2 - --secure-port=10250 - --feature-gates=AdditionalCertificateOutputFormats=true - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - --dynamic-serving-dns-names=cert-manager-webhook - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE) - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc - --feature-gates=AdditionalCertificateOutputFormats=true env: - name: POD_NAMESPACE valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.namespace image: harbor.atmosphere.dev/quay.io/jetstack/cert-manager-webhook:v1.12.17 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 httpGet: path: /livez port: 6080 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 name: cert-manager-webhook ports: - containerPort: 10250 name: https protocol: TCP - containerPort: 6080 name: healthcheck protocol: TCP readinessProbe: failureThreshold: 3 httpGet: path: /healthz port: 6080 scheme: HTTP initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 1 resources: {} securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: File dnsPolicy: ClusterFirst nodeSelector: kubernetes.io/os: linux openstack-control-plane: enabled restartPolicy: Always schedulerName: default-scheduler securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault serviceAccount: cert-manager-webhook serviceAccountName: cert-manager-webhook terminationGracePeriodSeconds: 30 status: availableReplicas: 1 conditions: - lastTransitionTime: "2026-04-07T12:52:43Z" lastUpdateTime: "2026-04-07T12:52:43Z" message: Deployment has minimum availability. reason: MinimumReplicasAvailable status: "True" type: Available - lastTransitionTime: "2026-04-07T12:52:32Z" lastUpdateTime: "2026-04-07T12:52:43Z" message: ReplicaSet "cert-manager-webhook-548949fc64" has successfully progressed. reason: NewReplicaSetAvailable status: "True" type: Progressing observedGeneration: 1 readyReplicas: 1 replicas: 1 updatedReplicas: 1