nhyatt/mutating-webhook
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updates to k8s objects

Browse Source
This commit is contained in:
Hyatt 2023-03-26 11:00:55 -05:00
parent a205b07037
commit b7b88162ad
Signed by: nhyatt
GPG Key ID: C50D0BBB5BC40BEA
4 changed files with 36 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
k8s/configmap.yaml
View File

@ -1,4 +1,3 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
@ -16,3 +15,13 @@ data:
- goharbor/redis-photon
- goharbor/registry-photon
- goharbor/trivy-adapter-photon
kubernetes:
namespace: ingress-nginx
service-name: webhook
certificate-authority:
certificate: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
private-key: |
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

3
k8s/daemonset.yaml
View File

@ -1,8 +1,7 @@
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: mutating-webhool
name: mutating-webhook
labels:
app: mutating-webhook
spec:

1
k8s/service.yaml
View File

@ -1,4 +1,3 @@
---
apiVersion: v1
kind: Service
metadata:

38
k8s/webhook.yaml
View File

@ -1,18 +1,30 @@
---
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: pod-mutation
webhooks:
- name: pod-mutation.default.svc
clientConfig:
service:
name: webhook
namespace: default
path: "/api/v1/mutate/pod"
rules:
- operations: ["CREATE", ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
failurePolicy: Ignore
- name: pod-mutation.ingress-nginx.svc
clientConfig:
service:
name: webhook
namespace: ingress-nginx
path: "/api/v1/mutate/pod"
port: 443
caBundle: Base64 encoded Certificate Authority PEM file
rules:
- operations:
- "CREATE"
- "UPDATE"
apiVersions:
- "*"
apiGroups:
- "*"
resources:
- "pods/*"
scope: "Namespaced"
sideEffects: None
admissionReviewVersions:
- "v1"
failurePolicy: Ignore