github.com/oam-dev/kubevela@v1.9.11/charts/vela-core/templates/cluster-gateway/job-patch.yaml (about) 1 {{- if and .Values.multicluster.enabled .Values.multicluster.clusterGateway.secureTLS.enabled (not .Values.multicluster.clusterGateway.secureTLS.certManager.enabled) }} 2 apiVersion: rbac.authorization.k8s.io/v1 3 kind: Role 4 metadata: 5 name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 6 namespace: {{ .Release.Namespace }} 7 annotations: 8 "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 9 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 10 labels: 11 app: {{ template "kubevela.name" . }}-cluster-gateway-admission 12 {{- include "kubevela.labels" . | nindent 4 }} 13 rules: 14 - apiGroups: 15 - "" 16 resources: 17 - secrets 18 verbs: 19 - get 20 - create 21 --- 22 apiVersion: rbac.authorization.k8s.io/v1 23 kind: RoleBinding 24 metadata: 25 name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 26 namespace: {{ .Release.Namespace }} 27 annotations: 28 "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 29 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 30 labels: 31 app: {{ template "kubevela.name" . }}-cluster-gateway-admission 32 {{- include "kubevela.labels" . | nindent 4 }} 33 roleRef: 34 apiGroup: rbac.authorization.k8s.io 35 kind: Role 36 name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 37 subjects: 38 - kind: ServiceAccount 39 name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 40 namespace: {{ .Release.Namespace }} 41 --- 42 apiVersion: v1 43 kind: ServiceAccount 44 metadata: 45 name: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 46 namespace: {{ .Release.Namespace }} 47 annotations: 48 "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade 49 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 50 labels: 51 app: {{ template "kubevela.name" . }}-cluster-gateway-admission 52 {{- include "kubevela.labels" . | nindent 4 }} 53 --- 54 apiVersion: batch/v1 55 kind: Job 56 metadata: 57 name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create 58 namespace: {{ .Release.Namespace }} 59 annotations: 60 "helm.sh/hook": pre-install,pre-upgrade 61 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 62 labels: 63 app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create 64 {{- include "kubevela.labels" . | nindent 4 }} 65 spec: 66 {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} 67 # Alpha feature since k8s 1.12 68 ttlSecondsAfterFinished: 0 69 {{- end }} 70 template: 71 metadata: 72 name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create 73 labels: 74 app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-create 75 {{- include "kubevela.labels" . | nindent 8 }} 76 spec: 77 {{- with .Values.imagePullSecrets }} 78 imagePullSecrets: 79 {{- toYaml . | nindent 8 }} 80 {{- end }} 81 containers: 82 - name: create 83 image: {{ .Values.imageRegistry }}{{ .Values.admissionWebhooks.patch.image.repository }}:{{ .Values.admissionWebhooks.patch.image.tag }} 84 imagePullPolicy: {{ .Values.admissionWebhooks.patch.image.pullPolicy }} 85 args: 86 - create 87 - --host={{ .Release.Name }}-cluster-gateway-service,{{ .Release.Name }}-cluster-gateway-service.{{ .Release.Namespace }}.svc 88 - --namespace={{ .Release.Namespace }} 89 - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2 90 - --cert-name=tls.crt 91 - --key-name=tls.key 92 restartPolicy: OnFailure 93 serviceAccountName: {{ template "kubevela.fullname" . }}-cluster-gateway-admission 94 securityContext: 95 runAsGroup: 2000 96 runAsNonRoot: true 97 runAsUser: 2000 98 --- 99 apiVersion: batch/v1 100 kind: Job 101 metadata: 102 name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch 103 namespace: {{ .Release.Namespace }} 104 annotations: 105 "helm.sh/hook": post-install,post-upgrade 106 "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded 107 labels: 108 app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch 109 {{- include "kubevela.labels" . | nindent 4 }} 110 spec: 111 {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} 112 # Alpha feature since k8s 1.12 113 ttlSecondsAfterFinished: 0 114 {{- end }} 115 template: 116 metadata: 117 name: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch 118 labels: 119 app: {{ template "kubevela.fullname" . }}-cluster-gateway-tls-secret-patch 120 {{- include "kubevela.labels" . | nindent 8 }} 121 spec: 122 {{- with .Values.imagePullSecrets }} 123 imagePullSecrets: 124 {{- toYaml . | nindent 8 }} 125 {{- end }} 126 containers: 127 - name: patch 128 image: {{ .Values.imageRegistry }}{{ .Values.multicluster.clusterGateway.image.repository }}:{{ .Values.multicluster.clusterGateway.image.tag }} 129 imagePullPolicy: {{ .Values.multicluster.clusterGateway.image.pullPolicy }} 130 command: 131 - /patch 132 args: 133 - --secret-namespace={{ .Release.Namespace }} 134 - --secret-name={{ template "kubevela.fullname" . }}-cluster-gateway-tls-v2 135 restartPolicy: OnFailure 136 serviceAccountName: {{ include "kubevela.serviceAccountName" . }} 137 securityContext: 138 runAsGroup: 2000 139 runAsNonRoot: true 140 runAsUser: 2000 141 {{ end }}