containers:
- args:
- --v=2
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
- --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: 6080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: cert-manager
ports:
- containerPort: 10250
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: 6080
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
resources:
requests:
cpu: 50m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-8sqc8
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
nodeName: sed-infra-server-master-mcg58ax2-aa1e3892
nodeSelector:
kubernetes.io/os: linux
preemptionPolicy: PreemptLowerPriority
priority: 0
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
serviceAccount: cert-manager-webhook
serviceAccountName: cert-manager-webhook
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
key: node.kubernetes.io/not-ready
operator: Exists
tolerationSeconds: 300
- effect: NoExecute
key: node.kubernetes.io/unreachable
operator: Exists
tolerationSeconds: 300
volumes:
- name: kube-api-access-8sqc8
projected:
defaultMode: 420
sources:
- serviceAccountToken:
expirationSeconds: 3607
path: token
- configMap:
items:
- key: ca.crt
path: ca.crt
name: kube-root-ca.crt
- downwardAPI:
items:
- fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
path: namespace
cert-manager-webhook-6cb859d6d9-zj5n5
app: webhook
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.9.1
helm.sh/chart: cert-manager-v1.9.1
pod-template-hash: 6cb859d6d9
cni.projectcalico.org/podIP:
cni.projectcalico.org/podIPs:
Spec
Status
conditions:
- lastProbeTime: null
lastTransitionTime: '2024-04-28T13:45:15Z'
status: 'True'
type: Initialized
- lastProbeTime: null
lastTransitionTime: '2025-10-19T10:16:33Z'
status: 'True'
type: Ready
- lastProbeTime: null
lastTransitionTime: '2025-10-19T10:16:33Z'
status: 'True'
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: '2024-04-28T13:45:15Z'
status: 'True'
type: PodScheduled
containerStatuses:
- containerID: containerd://983bc99ccd64a71475d98faf6d631a2755beb50a5c6d6344a2d6f182e6a82a7b
image: quay.io/jetstack/cert-manager-webhook:v1.9.1
imageID: quay.io/jetstack/cert-manager-webhook@sha256:4ab2982a220e1c719473d52d8463508422ab26e92664732bfc4d96b538af6b8a
lastState:
terminated:
containerID: containerd://1276df6bdf559dc1879a085d7521d007d1f62e5b9eb03cb98ab3798a61c1d519
exitCode: 255
finishedAt: '2025-10-19T10:15:24Z'
reason: Unknown
startedAt: '2025-10-10T05:12:30Z'
name: cert-manager
ready: true
restartCount: 14
started: true
state:
running:
startedAt: '2025-10-19T10:15:41Z'
hostIP: 192.168.1.3
phase: Running
podIP: 172.18.117.237
podIPs:
- ip: 172.18.117.237
qosClass: Burstable
startTime: '2024-04-28T13:45:15Z'
Events
| Type | Reason | Age | From | Message |
|---|---|---|---|---|
| No events found. | ||||