---
# Pod object for the Gatekeeper admission webhook (controller-manager).
# It carries server-populated fields (uid, resourceVersion, nodeName, status),
# so it appears to be a dump of a live object, not a hand-written manifest.
apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Legacy alpha seccomp annotation (deprecated since Kubernetes v1.19).
    # The same profile is also set through securityContext.seccompProfile on
    # the container below, which is the field current clusters honour.
    container.seccomp.security.alpha.kubernetes.io/manager: runtime/default
  creationTimestamp: "2022-05-02T14:05:05Z"
  generateName: gatekeeper-controller-manager-86c55bf59d-
  labels:
    control-plane: controller-manager
    gatekeeper.sh/operation: webhook
    # Quoted so the value stays the string "yes" and is not read as a boolean.
    gatekeeper.sh/system: "yes"
    pod-template-hash: 86c55bf59d
  name: gatekeeper-controller-manager-86c55bf59d-8p6jc
  namespace: gatekeeper-system
  ownerReferences:
    - apiVersion: apps/v1
      blockOwnerDeletion: true
      controller: true
      kind: ReplicaSet
      name: gatekeeper-controller-manager-86c55bf59d
      uid: 41fc51e3-a3d0-49dc-93ac-89be458ec27a
  resourceVersion: "867"
  uid: 86fff81c-53b1-4372-b0bc-9ae1212fe052
spec:
  affinity:
    podAntiAffinity:
      # Soft preference only: webhook replicas are spread across nodes when
      # possible, but may still be co-located.
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: gatekeeper.sh/operation
                  operator: In
                  values:
                    - webhook
            topologyKey: kubernetes.io/hostname
          weight: 100
  # The service account token is mounted (see the kube-api-access volume).
  # The RBAC bound to gatekeeper-admin is not visible here; review it
  # separately, since this token is what the container can act with.
  automountServiceAccountToken: true
  containers:
    - args:
        - --port=8443
        - --logtostderr
        # NOTE(review): this namespace is exempted from Gatekeeper admission
        # checks, so write access to gatekeeper-system should be tightly
        # scoped - confirm against the cluster's RBAC.
        - --exempt-namespace=gatekeeper-system
        - --operation=webhook
        - --operation=mutation-webhook
        # Disables the http.send builtin, so policies evaluated by this
        # process cannot issue outbound HTTP requests.
        - --disable-opa-builtin={http.send}
      command:
        - /manager
      env:
        # Both values come from the downward API, not from literals.
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
      # Referenced by mutable tag and pulled on every start (Always). The
      # digest that was actually resolved is recorded under
      # status.containerStatuses[].imageID; pinning by digest in the owning
      # workload makes the deployed image reproducible.
      image: openpolicyagent/gatekeeper:v3.8.0
      imagePullPolicy: Always
      livenessProbe:
        failureThreshold: 3
        httpGet:
          path: /healthz
          port: 9090
          scheme: HTTP
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      name: manager
      ports:
        - containerPort: 8443
          name: webhook-server
          protocol: TCP
        # NOTE(review): nothing in this spec restricts who can reach the
        # metrics port; check for a NetworkPolicy in the namespace.
        - containerPort: 8888
          name: metrics
          protocol: TCP
        - containerPort: 9090
          name: healthz
          protocol: TCP
      readinessProbe:
        failureThreshold: 3
        httpGet:
          path: /readyz
          port: 9090
          scheme: HTTP
        periodSeconds: 10
        successThreshold: 1
        timeoutSeconds: 1
      resources:
        limits:
          cpu: "1"
          memory: 512Mi
        requests:
          cpu: 100m
          memory: 256Mi
      # Container-level hardening: no privilege escalation, all capabilities
      # dropped, read-only root filesystem, non-root UID/GID, runtime default
      # seccomp profile.
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            # NOTE(review): lowercase "all"; the Pod Security "restricted"
            # profile looks for "ALL" - confirm this passes the cluster's
            # admission policy.
            - all
        readOnlyRootFilesystem: true
        runAsGroup: 999
        runAsNonRoot: true
        runAsUser: 1000
        seccompProfile:
          type: RuntimeDefault
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
        # Webhook serving certificate, mounted read-only from a Secret.
        - mountPath: /certs
          name: cert
          readOnly: true
        - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
          name: kube-api-access-mmtz4
          readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: kind-worker2
  nodeSelector:
    kubernetes.io/os: linux
  preemptionPolicy: PreemptLowerPriority
  priority: 2000000000
  priorityClassName: system-cluster-critical
  restartPolicy: Always
  schedulerName: default-scheduler
  # Empty: no pod-level security settings; everything is set on the container.
  securityContext: {}
  serviceAccount: gatekeeper-admin
  serviceAccountName: gatekeeper-admin
  terminationGracePeriodSeconds: 60
  tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
  volumes:
    - name: cert
      secret:
        # 420 decimal is 0644 octal: files are readable by any UID in the
        # container, which has to include the non-root runAsUser above.
        defaultMode: 420
        secretName: gatekeeper-webhook-server-cert
    - name: kube-api-access-mmtz4
      projected:
        defaultMode: 420
        sources:
          # Projected service account token with a bounded lifetime.
          - serviceAccountToken:
              expirationSeconds: 3607
              path: token
          - configMap:
              items:
                - key: ca.crt
                  path: ca.crt
              name: kube-root-ca.crt
          - downwardAPI:
              items:
                - fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
                  path: namespace
# Everything below is observed state reported by the cluster, not desired
# configuration.
status:
  conditions:
    - lastProbeTime: null
      lastTransitionTime: "2022-05-02T14:05:25Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2022-05-02T14:05:35Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2022-05-02T14:05:35Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2022-05-02T14:05:25Z"
      status: "True"
      type: PodScheduled
  containerStatuses:
    - containerID: containerd://f69467be7562aac9bfe73f9b127d26935648e4b573a3e544e2f1a0015d827d93
      image: docker.io/openpolicyagent/gatekeeper:v3.8.0
      # Digest the v3.8.0 tag resolved to when this container was started.
      imageID: docker.io/openpolicyagent/gatekeeper@sha256:6b5597d1cd5cdfed3f8bd9c63ff2c63312bb640001295ac82bef211841f9d0c1
      lastState: {}
      name: manager
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2022-05-02T14:05:29Z"
  hostIP: 172.18.0.3
  phase: Running
  podIP: 10.244.1.4
  podIPs:
    - ip: 10.244.1.4
  qosClass: Burstable
  startTime: "2022-05-02T14:05:25Z"