diff --git a/k8s/configmap.yaml b/k8s/configmap.yaml index 9f0aa41..9a1f7ca 100644 --- a/k8s/configmap.yaml +++ b/k8s/configmap.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: ConfigMap metadata: @@ -16,3 +15,13 @@ data: - goharbor/redis-photon - goharbor/registry-photon - goharbor/trivy-adapter-photon + kubernetes: + namespace: ingress-nginx + service-name: webhook + certificate-authority: + certificate: | + -----BEGIN CERTIFICATE----- + -----END CERTIFICATE----- + private-key: | + -----BEGIN RSA PRIVATE KEY----- + -----END RSA PRIVATE KEY----- diff --git a/k8s/daemonset.yaml b/k8s/daemonset.yaml index 0dbf692..c233bce 100644 --- a/k8s/daemonset.yaml +++ b/k8s/daemonset.yaml @@ -1,8 +1,7 @@ ---- apiVersion: apps/v1 kind: DaemonSet metadata: - name: mutating-webhool + name: mutating-webhook labels: app: mutating-webhook spec: diff --git a/k8s/service.yaml b/k8s/service.yaml index f5b054c..f251123 100644 --- a/k8s/service.yaml +++ b/k8s/service.yaml @@ -1,4 +1,3 @@ ---- apiVersion: v1 kind: Service metadata: diff --git a/k8s/webhook.yaml b/k8s/webhook.yaml index 946fed2..e3f0627 100644 --- a/k8s/webhook.yaml +++ b/k8s/webhook.yaml @@ -1,18 +1,30 @@ --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: pod-mutation webhooks: - - name: pod-mutation.default.svc - clientConfig: - service: - name: webhook - namespace: default - path: "/api/v1/mutate/pod" - rules: - - operations: ["CREATE", ] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Ignore \ No newline at end of file +- name: pod-mutation.ingress-nginx.svc + clientConfig: + service: + name: webhook + namespace: ingress-nginx + path: "/api/v1/mutate/pod" + port: 443 + caBundle: Base64 encoded Certificate Authority PEM file + rules: + - operations: + - "CREATE" + - "UPDATE" + apiVersions: + - "*" + apiGroups: + - "*" + resources: + - "pods/*" + scope: "Namespaced" + sideEffects: None + admissionReviewVersions: + - "v1" + failurePolicy: Ignore +