191 lines
4.6 KiB
YAML
191 lines
4.6 KiB
YAML
{{- $cacrt := "" -}}
|
|
{{- $crt := "" -}}
|
|
{{- $key := "" -}}
|
|
{{- $s := (lookup "v1" "Secret" .Release.Namespace "speedscale-webhook-certs") -}}
|
|
{{- if $s -}}
|
|
{{- $cacrt = index $s.data "ca.crt" | default (index $s.data "tls.crt") | b64dec -}}
|
|
{{- $crt = index $s.data "tls.crt" | b64dec -}}
|
|
{{- $key = index $s.data "tls.key" | b64dec -}}
|
|
{{ else }}
|
|
{{- $altNames := list ( printf "speedscale-operator.%s" .Release.Namespace ) ( printf "speedscale-operator.%s.svc" .Release.Namespace ) -}}
|
|
{{- $ca := genCA "speedscale-operator" 3650 -}}
|
|
{{- $cert := genSignedCert "speedscale-operator" nil $altNames 3650 $ca -}}
|
|
{{- $cacrt = $ca.Cert -}}
|
|
{{- $crt = $cert.Cert -}}
|
|
{{- $key = $cert.Key -}}
|
|
{{- end -}}
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: speedscale-operator
|
|
annotations:
|
|
argocd.argoproj.io/hook: PreSync
|
|
{{- if .Values.globalAnnotations }}
|
|
{{ toYaml .Values.globalAnnotations | indent 4}}
|
|
{{- end }}
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
caBundle: {{ $cacrt | b64enc }}
|
|
service:
|
|
name: speedscale-operator
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /mutate
|
|
failurePolicy: Ignore
|
|
name: sidecar.speedscale.com
|
|
{{- if .Values.namespaceSelector }}
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: kubernetes.io/metadata.name
|
|
operator: "In"
|
|
values:
|
|
{{- range .Values.namespaceSelector }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
{{- else }}
|
|
namespaceSelector: {}
|
|
{{- end }}
|
|
reinvocationPolicy: IfNeeded
|
|
rules:
|
|
- apiGroups:
|
|
- apps
|
|
- batch
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- deployments
|
|
- statefulsets
|
|
- daemonsets
|
|
- jobs
|
|
- replicasets
|
|
- apiGroups:
|
|
- ""
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- pods
|
|
sideEffects: None
|
|
timeoutSeconds: 10
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: speedscale-operator-replay
|
|
annotations:
|
|
argocd.argoproj.io/hook: PreSync
|
|
{{- if .Values.globalAnnotations }}
|
|
{{ toYaml .Values.globalAnnotations | indent 4}}
|
|
{{- end }}
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
caBundle: {{ $cacrt | b64enc }}
|
|
service:
|
|
name: speedscale-operator
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /mutate-speedscale-com-v1-trafficreplay
|
|
failurePolicy: Fail
|
|
name: replay.speedscale.com
|
|
{{- if .Values.namespaceSelector }}
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: kubernetes.io/metadata.name
|
|
operator: "In"
|
|
values:
|
|
{{- range .Values.namespaceSelector }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
{{- else }}
|
|
namespaceSelector: {}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- speedscale.com
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- trafficreplays
|
|
sideEffects: None
|
|
timeoutSeconds: 10
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: speedscale-operator-replay
|
|
annotations:
|
|
argocd.argoproj.io/hook: PreSync
|
|
{{- if .Values.globalAnnotations }}
|
|
{{ toYaml .Values.globalAnnotations | indent 4}}
|
|
{{- end }}
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
caBundle: {{ $cacrt | b64enc }}
|
|
service:
|
|
name: speedscale-operator
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /validate-speedscale-com-v1-trafficreplay
|
|
failurePolicy: Fail
|
|
name: replay.speedscale.com
|
|
{{- if .Values.namespaceSelector }}
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: kubernetes.io/metadata.name
|
|
operator: "In"
|
|
values:
|
|
{{- range .Values.namespaceSelector }}
|
|
- {{ . | quote }}
|
|
{{- end }}
|
|
{{- else }}
|
|
namespaceSelector: {}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- speedscale.com
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- trafficreplays
|
|
sideEffects: None
|
|
timeoutSeconds: 10
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
annotations:
|
|
helm.sh/hook: pre-install
|
|
helm.sh/hook-delete-policy: before-hook-creation
|
|
{{- if .Values.globalAnnotations }}
|
|
{{ toYaml .Values.globalAnnotations | indent 4}}
|
|
{{- end }}
|
|
creationTimestamp: null
|
|
name: speedscale-webhook-certs
|
|
namespace: {{ .Release.Namespace }}
|
|
type: kubernetes.io/tls
|
|
data:
|
|
ca.crt: {{ $cacrt | b64enc }}
|
|
tls.crt: {{ $crt | b64enc }}
|
|
tls.key: {{ $key | b64enc }}
|