k8s-and-chill/rendered/envs/production/cert-manager/job-cert-manager-startupapicheck.yaml

apiVersion: batch/v1
kind: Job
metadata:
  annotations:
    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "1"
  labels:
    app: startupapicheck
    app.kubernetes.io/component: startupapicheck
    app.kubernetes.io/instance: cert-manager
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: startupapicheck
    app.kubernetes.io/version: v1.17.2
    helm.sh/chart: cert-manager-v1.17.2
  name: cert-manager-startupapicheck
  namespace: cert-manager
spec:
  backoffLimit: 4
  template:
    metadata:
      labels:
        app: startupapicheck
        app.kubernetes.io/component: startupapicheck
        app.kubernetes.io/instance: cert-manager
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: startupapicheck
        app.kubernetes.io/version: v1.17.2
        helm.sh/chart: cert-manager-v1.17.2
    spec:
      containers:
        - args:
            - check
            - api
            - --wait=1m
            - -v
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: quay.io/jetstack/cert-manager-startupapicheck:v1.17.2
          imagePullPolicy: IfNotPresent
          name: cert-manager-startupapicheck
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
      enableServiceLinks: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: cert-manager-startupapicheck