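# Source: gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/test/kubernetes/gvisor-injection-admission-webhook.yaml.in
#
# Copyright 2020 The gVisor Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Test manifest for the gVisor injection admission webhook. It defines, in
# order: the e2e namespace, the webhook's ServiceAccount, a ClusterRole and
# ClusterRoleBinding for that account, the webhook Deployment, and the Service
# that fronts it.
#
# This is a template (.yaml.in): %INIT% and %WEBHOOK% are placeholders for
# image references and must be substituted before the file is applied. A plain
# scalar may not begin with "%", so the unsubstituted file is not expected to
# load in a strict YAML parser.

---
apiVersion: v1
kind: Namespace
metadata:
  name: e2e
  labels:
    name: e2e
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gvisor-injection-admission-webhook
  namespace: e2e
---
# Cluster-wide permission to create MutatingWebhookConfiguration objects.
# Only the "create" verb is granted (no get/update/delete). This is still a
# sensitive grant: a mutating webhook configuration decides which API objects
# are sent to a webhook for rewriting at admission time, so the holder of this
# role can influence workloads outside the e2e namespace.
# NOTE(review): presumably the webhook registers its own configuration at
# startup; confirm against the webhook binary before reusing this role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gvisor-injection-admission-webhook
rules:
  - apiGroups: [ admissionregistration.k8s.io ]
    resources: [ mutatingwebhookconfigurations ]
    verbs: [ create ]
---
# ClusterRoleBinding is a cluster-scoped kind, so it carries no
# metadata.namespace; a namespace there would wrongly suggest the grant is
# confined to e2e. The only namespaced part is the subject below, which names
# the ServiceAccount in e2e that receives the cluster-wide role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gvisor-injection-admission-webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gvisor-injection-admission-webhook
subjects:
  - kind: ServiceAccount
    name: gvisor-injection-admission-webhook
    namespace: e2e
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gvisor-injection-admission-webhook
  namespace: e2e
  labels:
    app: gvisor-injection-admission-webhook
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gvisor-injection-admission-webhook
  template:
    metadata:
      labels:
        app: gvisor-injection-admission-webhook
    spec:
      volumes:
        # Scratch volume shared by the init container and the webhook. An
        # emptyDir lives only as long as the pod, so whatever is written to
        # /certs is regenerated on every pod restart.
        - name: certs
          emptyDir: {}
      initContainers:
        # Runs to completion before the webhook container starts.
        # NOTE(review): by its name this writes the webhook's TLS material
        # into /certs; the image contents are not visible here.
        - name: generate-certs
          image: %INIT%
          workingDir: /certs
          volumeMounts:
            - name: certs
              mountPath: /certs
      containers:
        - name: webhook
          image: %WEBHOOK%
          workingDir: /certs
          volumeMounts:
            - name: certs
              mountPath: /certs
          args:
            # NOTE(review): debug verbosity suits an e2e test cluster. Check
            # what the webhook logs at this level before copying the manifest
            # elsewhere, since admission requests carry full object specs.
            - --log-level=debug
          ports:
            - containerPort: 8443
      # The pod runs as the ServiceAccount bound to the ClusterRole above, so
      # the webhook process holds the cluster-wide create permission.
      serviceAccountName: gvisor-injection-admission-webhook
---
# Exposes the webhook inside the cluster on 443 and forwards to the
# container's port 8443.
kind: Service
apiVersion: v1
metadata:
  name: gvisor-injection-admission-webhook
  namespace: e2e
spec:
  selector:
    app: gvisor-injection-admission-webhook
  ports:
    - protocol: TCP
      port: 443
      targetPort: 8443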