---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: cainjector
    app.kubernetes.io/component: cainjector
    app.kubernetes.io/instance: cert-manager
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/version: v1.14.5
  name: cert-manager-cainjector
  namespace: cert-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/component: cainjector
      app.kubernetes.io/instance: cert-manager
      app.kubernetes.io/name: cainjector
  template:
    metadata:
      labels:
        app: cainjector
        app.kubernetes.io/component: cainjector
        app.kubernetes.io/instance: cert-manager
        app.kubernetes.io/name: cainjector
        app.kubernetes.io/version: v1.14.5
    spec:
      containers:
        - args:
            - --v=2
            - --leader-election-namespace=kube-system
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          image: quay.io/jetstack/cert-manager-cainjector:v1.14.5
          imagePullPolicy: IfNotPresent
          name: cert-manager-cainjector
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
      enableServiceLinks: false
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: cert-manager-cainjector