github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/test/kubernetes/gvisor-injection-admission-webhook.yaml

github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/test/kubernetes/gvisor-injection-admission-webhook.yaml (about)

     1  # Copyright 2020 The gVisor Authors.
     2  #
     3  # Licensed under the Apache License, Version 2.0 (the "License");
     4  # you may not use this file except in compliance with the License.
     5  # You may obtain a copy of the License at
     6  #
     7  #     http://www.apache.org/licenses/LICENSE-2.0
     8  #
     9  # Unless required by applicable law or agreed to in writing, software
    10  # distributed under the License is distributed on an "AS IS" BASIS,
    11  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  # See the License for the specific language governing permissions and
    13  # limitations under the License.
    14  
    15  ---
    16  apiVersion: v1
    17  kind: Namespace
    18  metadata:
    19    name: e2e
    20    labels:
    21      name: e2e
    22  ---
    23  apiVersion: v1
    24  kind: ServiceAccount
    25  metadata:
    26    name: gvisor-injection-admission-webhook
    27    namespace: e2e
    28  ---
    29  apiVersion: rbac.authorization.k8s.io/v1
    30  kind: ClusterRole
    31  metadata:
    32    name: gvisor-injection-admission-webhook
    33  rules:
    34  - apiGroups: [ admissionregistration.k8s.io ]
    35    resources: [ mutatingwebhookconfigurations ]
    36    verbs: [ create ]
    37  ---
    38  apiVersion: rbac.authorization.k8s.io/v1
    39  kind: ClusterRoleBinding
    40  metadata:
    41    name: gvisor-injection-admission-webhook
    42    namespace: e2e
    43  roleRef:
    44    apiGroup: rbac.authorization.k8s.io
    45    kind: ClusterRole
    46    name: gvisor-injection-admission-webhook
    47  subjects:
    48  - kind: ServiceAccount
    49    name: gvisor-injection-admission-webhook
    50    namespace: e2e
    51  ---
    52  apiVersion: apps/v1
    53  kind: Deployment
    54  metadata:
    55    name: gvisor-injection-admission-webhook
    56    namespace: e2e
    57    labels:
    58      app: gvisor-injection-admission-webhook
    59  spec:
    60    replicas: 1
    61    selector:
    62      matchLabels:
    63        app: gvisor-injection-admission-webhook
    64    template:
    65      metadata:
    66        labels:
    67          app: gvisor-injection-admission-webhook
    68      spec:
    69        containers:
    70        - name: webhook
    71          image: gcr.io/gke-gvisor/gvisor-injection-admission-webhook:54ce9bd
    72          args:
    73          - --log-level=debug
    74          ports:
    75          - containerPort: 8443
    76        serviceAccountName: gvisor-injection-admission-webhook
    77  ---
    78  kind: Service
    79  apiVersion: v1
    80  metadata:
    81    name: gvisor-injection-admission-webhook
    82    namespace: e2e
    83  spec:
    84    selector:
    85      app: gvisor-injection-admission-webhook
    86    ports:
    87    - protocol: TCP
    88      port: 443
    89      targetPort: 8443