cluster/kube: deploy admitomatic webhook
This has been (successfully) tested on prod and then rolled back. Change-Id: I22657f66b4aeaa8a0ae452035ba18a79f4549b14
parent
3c5d836c56
commit
41bbf1436a
3 changed files with 42 additions and 0 deletions
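--- a/cluster/kube/k0-admitomatic.jsonnet
+++ b/cluster/kube/k0-admitomatic.jsonnet
@@ -0,0 +1,7 @@
+// Only the admitomatic instance in k0.
+
+local k0 = (import "k0.libsonnet").k0;
+
+{
+admitomatic: k0.admitomatic,
+}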
|
|
@ -90,5 +90,35 @@ local prototext = import "../../../kube/prototext.libsonnet";
|
|||
svc: ns.Contain(kube.Service("admitomatic")) {
|
||||
target_pod:: env.daemonset.spec.template,
|
||||
},
|
||||
|
||||
webhook: kube.ValidatingWebhookConfiguration("admitomatic") {
|
||||
webhooks_: {
|
||||
"admitomatic.hswaw.net": {
|
||||
rules: [
|
||||
{
|
||||
apiGroups: ["networking.k8s.io"],
|
||||
apiVersions: ["v1", "v1beta1"],
|
||||
operations: ["CREATE", "UPDATE"],
|
||||
resources: ["ingresses"],
|
||||
scope: "Namespaced",
|
||||
}
|
||||
],
|
||||
clientConfig: {
|
||||
service: {
|
||||
namespace: env.svc.metadata.namespace,
|
||||
name: env.svc.metadata.name,
|
||||
port: 8443,
|
||||
path: "/webhook",
|
||||
},
|
||||
caBundle: std.base64(importstr "../../certs/ca-admitomatic.crt"),
|
||||
},
|
||||
failurePolicy: "Ignore",
|
||||
matchPolicy: "Equivalent",
|
||||
admissionReviewVersions: ["v1", "v1beta1"],
|
||||
sideEffects: "None",
|
||||
timeoutSeconds: 5,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
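Review bot: `failurePolicy: "Ignore"` in the new `webhook` object makes the Ingress check fail open: if the admitomatic service is unreachable, returns an error, or exceeds the 5 second `timeoutSeconds`, the API server admits the CREATE/UPDATE without validation. If this is a deliberate rollout choice, record it next to the field, for example `// Fail open for now so an admitomatic outage cannot block Ingress changes; move to "Fail" once the webhook has proven stable.` Until then the policy is only advisory whenever the backend is down, so failed calls to this webhook should be alerted on to make a bypass visible. The enclosing object starts above the hunk.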
|
||||
|
|
|
@ -17,6 +17,11 @@ kube {
|
|||
secret: { secretName: certificate.spec.secretName },
|
||||
},
|
||||
|
||||
ValidatingWebhookConfiguration(name): kube._Object("admissionregistration.k8s.io/v1", "ValidatingWebhookConfiguration", name) {
|
||||
webhooks_:: error "webhooks_ must be defined",
|
||||
webhooks: kube.mapToNamedList(self.webhooks_),
|
||||
},
|
||||
|
||||
# Add .Contain method to Namespaces, allowing for easy marking of particular
|
||||
# kube objects as contained in that namespace.
|
||||
Namespace(name): kube.Namespace(name) {
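Review bot: The new `ValidatingWebhookConfiguration` helper has no comment, unlike the `Namespace` override directly below it. A short one would help callers, for example `# webhooks_ is an object keyed by webhook name; it is rendered into the webhooks list via mapToNamedList.` This reading of `mapToNamedList` is inferred from its name and from how the caller in this commit uses it, so confirm it before adding the comment. The `kube` object continues beyond the hunk.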
|
||||
|
|