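{{- /*
Admission webhook registration for KubeBlocks.
Source: github.com/1aal/kubeblocks@v0.0.0-20231107070852-e1c03e598921/deploy/helm/templates/admission/webhookconfiguration.yaml

Everything below is rendered only when .Values.admissionWebhooks.enabled is set.
It emits:
  - two kubernetes.io/tls Secrets (CA and serving pair), only when
    .Values.admissionWebhooks.createSelfSignedCert is set;
  - one MutatingWebhookConfiguration and one ValidatingWebhookConfiguration
    that point at the KubeBlocks service in the release namespace.

Review notes on the certificate handling:
  - genCA / genSignedCert run on every render and nothing here reads back an
    existing Secret, so each install or upgrade yields a new CA and a new
    serving certificate. The Secrets and every caBundle change together; the
    webhook server presumably has to pick up the new pair before the API
    server can reach it again (confirm against the controller).
  - Both certificates are issued for 36500 days (about 100 years), so expiry
    never forces a rotation.
  - The CA private key is written to the "...svc.tls-ca" Secret. Any principal
    that can read that Secret can issue certificates the API server will trust
    for these webhooks; keep read access to both Secrets narrow.
  - With createSelfSignedCert unset no caBundle is rendered. Trust then has to
    come from elsewhere (not visible in this template).
*/}}
{{- if .Values.admissionWebhooks.enabled }}
{{- /* Self-signed CA; common name is "*.<release namespace>.svc". */}}
{{- $ca := genCA (printf "*.%s.svc" ( .Release.Namespace )) 36500 }}
{{- /* Serving certificate: CN is <svc>.<ns>.svc, SANs cover <svc>.<ns>.svc, <svc> and <svc>.<ns>. */}}
{{- $svcName := (printf "%s.%s.svc" (include "kubeblocks.svcName" .) ( .Release.Namespace )) -}}
{{- $cert := genSignedCert $svcName nil (list $svcName (include "kubeblocks.svcName" .) (printf "%s.%s" (include "kubeblocks.svcName" .) ( .Release.Namespace ))) 36500 $ca -}}
{{- if .Values.admissionWebhooks.createSelfSignedCert }}
# CA key pair. tls.key here is the signing key for the webhook trust root.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "kubeblocks.fullname" . }}.{{ .Release.Namespace }}.svc.tls-ca
  labels:
    {{- include "kubeblocks.labels" . | nindent 4 }}
  annotations:
    self-signed-cert: "true"
type: kubernetes.io/tls
data:
  tls.key: {{ $ca.Key | b64enc }}
  tls.crt: {{ $ca.Cert | b64enc }}
---
# Serving key pair for the webhook endpoint, signed by the CA above.
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "kubeblocks.fullname" . }}.{{ .Release.Namespace }}.svc.tls-pair
  labels:
    {{- include "kubeblocks.labels" . | nindent 4 }}
  annotations:
    self-signed-cert: "true"
type: kubernetes.io/tls
data:
  tls.key: {{ $cert.Key | b64enc }}
  tls.crt: {{ $cert.Cert | b64enc }}
{{- end }}
---
# Mutating webhooks. failurePolicy is Fail on every entry: when the webhook
# cannot be called, CREATE and UPDATE of the listed resources are rejected.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ include "kubeblocks.fullname" . }}-mutating-webhook-configuration
  labels:
    {{- include "kubeblocks.labels" . | nindent 4 }}
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        # name and namespace are quoted so that a value such as "on" or "123"
        # (both valid DNS labels) stays a string after YAML parsing.
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /mutate-apps-kubeblocks-io-v1alpha1-clusterdefinition
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: mclusterdefinition.kb.io
    rules:
      - apiGroups:
          - apps.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterdefinitions
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /mutate-workloads-kubeblocks-io-v1alpha1-replicatedstatemachine
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: mreplicatedstatemachine.kb.io
    rules:
      - apiGroups:
          - workloads.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - replicatedstatemachines
    sideEffects: None
---
# Validating webhooks. Same fail-closed policy and the same CA bundle as the
# mutating configuration.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: {{ include "kubeblocks.fullname" . }}-validating-webhook-configuration
  labels:
    {{- include "kubeblocks.labels" . | nindent 4 }}
webhooks:
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /validate-apps-kubeblocks-io-v1alpha1-clusterversion
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: vclusterversion.kb.io
    rules:
      - apiGroups:
          - apps.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterversions
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /validate-apps-kubeblocks-io-v1alpha1-cluster
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: vcluster.kb.io
    rules:
      - apiGroups:
          - apps.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusters
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /validate-apps-kubeblocks-io-v1alpha1-clusterdefinition
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: vclusterdefinition.kb.io
    rules:
      - apiGroups:
          - apps.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - clusterdefinitions
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /validate-apps-kubeblocks-io-v1alpha1-opsrequest
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: vopsrequest.kb.io
    rules:
      - apiGroups:
          - apps.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - opsrequests
    sideEffects: None
  - admissionReviewVersions:
      - v1
    clientConfig:
      service:
        name: {{ include "kubeblocks.svcName" . | quote }}
        namespace: {{ .Release.Namespace | quote }}
        path: /validate-workloads-kubeblocks-io-v1alpha1-replicatedstatemachine
        port: {{ .Values.service.port }}
      {{- if .Values.admissionWebhooks.createSelfSignedCert }}
      caBundle: {{ $ca.Cert | b64enc }}
      {{- end }}
    failurePolicy: Fail
    name: vreplicatedstatemachine.kb.io
    rules:
      - apiGroups:
          - workloads.kubeblocks.io
        apiVersions:
          - v1alpha1
        operations:
          - CREATE
          - UPDATE
        resources:
          - replicatedstatemachines
    sideEffects: None
{{- end }}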