73 lines
1.6 KiB
YAML
73 lines
1.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: inject-ds-webhook
|
|
namespace: gps-system
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: inject-ds-webhook
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: inject-ds-webhook
|
|
spec:
|
|
serviceAccountName: inject-ds-webhook
|
|
containers:
|
|
- name: webhook
|
|
image: REPO_PLACEHOLDER/webhook:latest
|
|
args:
|
|
- --target-namespace=gps-system
|
|
- --target-daemonsets=test-daemonset
|
|
ports:
|
|
- containerPort: 9443
|
|
name: webhook-api
|
|
volumeMounts:
|
|
- name: webhook-certs
|
|
mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
readOnly: true
|
|
volumes:
|
|
- name: webhook-certs
|
|
secret:
|
|
secretName: inject-ds-webhook-certs
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: inject-ds-webhook
|
|
namespace: gps-system
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
targetPort: 9443
|
|
selector:
|
|
app: inject-ds-webhook
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
name: inject-ds-webhook
|
|
webhooks:
|
|
- name: inject-ds.example.com
|
|
clientConfig:
|
|
service:
|
|
name: inject-ds-webhook
|
|
namespace: gps-system
|
|
path: "/mutate-pod"
|
|
caBundle: Cg==
|
|
rules:
|
|
- operations: ["CREATE"]
|
|
apiGroups: [""]
|
|
apiVersions: ["v1"]
|
|
resources: ["pods"]
|
|
admissionReviewVersions: ["v1"]
|
|
sideEffects: None
|
|
namespaceSelector:
|
|
matchLabels:
|
|
kubernetes.io/metadata.name: gps-system
|
|
objectSelector:
|
|
matchExpressions:
|
|
- key: app
|
|
operator: NotIn
|
|
values: ["inject-ds-webhook"] |