---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: snapshot-validation-deployment
  namespace: default # NOTE: change the namespace
  labels:
    app.kubernetes.io/name: snapshot-validation
spec:
  replicas: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: snapshot-validation
  template:
    metadata:
      labels:
        app.kubernetes.io/name: snapshot-validation
    spec:
      serviceAccountName: snapshot-webhook
      containers:
      - name: snapshot-validation
        image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.1 # change the image if you wish to use your own custom validation server image
        imagePullPolicy: IfNotPresent
        args:
        - '--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt'
        - '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key'
        # uncomment the following line to enable webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass.
        # - '--enable-volume-group-snapshot-webhook'
        ports:
        - containerPort: 443 # change the port as needed
        volumeMounts:
          - name: snapshot-validation-webhook-certs
            mountPath: /etc/snapshot-validation-webhook/certs
            readOnly: true
      volumes:
        - name: snapshot-validation-webhook-certs
          secret:
            secretName: snapshot-validation-secret
---
apiVersion: v1
kind: Service
metadata:
  name: snapshot-validation-service
  namespace: default # NOTE: change the namespace
spec:
  selector:
    app.kubernetes.io/name: snapshot-validation
  ports:
    - protocol: TCP
      port: 443 # Change if needed
      targetPort: 443 # Change if the webserver image expects a different port