apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager namespace: system spec: template: spec: containers: - name: manager args: - "--metrics-addr=127.0.0.1:8080" - "--webhook-port=9443" ports: - containerPort: 9443 name: webhook-server protocol: TCP volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true volumes: - name: cert secret: defaultMode: 420 secretName: $(SERVICE_NAME)-cert