sigs.k8s.io/gateway-api@v1.0.0/config/webhook/admission_webhook.yaml

sigs.k8s.io/gateway-api@v1.0.0/config/webhook/admission_webhook.yaml (about)

     1  apiVersion: admissionregistration.k8s.io/v1
     2  kind: ValidatingWebhookConfiguration
     3  metadata:
     4    name: gateway-api-admission
     5  webhooks:
     6  - name: validate.gateway.networking.k8s.io
     7    matchPolicy: Equivalent
     8    rules:
     9    - operations: [ "CREATE" , "UPDATE" ]
    10      apiGroups: [ "gateway.networking.k8s.io" ]
    11      apiVersions: [ "v1alpha2", "v1beta1" ]
    12      resources: [ "gateways", "gatewayclasses", "httproutes" ]
    13    failurePolicy: Fail
    14    sideEffects: None
    15    admissionReviewVersions:
    16    - v1
    17    clientConfig:
    18      service:
    19        name: gateway-api-admission-server
    20        namespace: gateway-system
    21        path: "/validate"
    22  ---
    23  apiVersion: v1
    24  kind: Service
    25  metadata:
    26    labels:
    27      name: gateway-api-webhook-server
    28    name: gateway-api-admission-server
    29    namespace: gateway-system
    30  spec:
    31    type: ClusterIP
    32    ports:
    33    - name: https-webhook
    34      port: 443
    35      targetPort: 8443
    36    selector:
    37      name: gateway-api-admission-server
    38  ---
    39  apiVersion: apps/v1
    40  kind: Deployment
    41  metadata:
    42    name: gateway-api-admission-server
    43    namespace: gateway-system
    44    labels:
    45      name: gateway-api-admission-server
    46  spec:
    47    replicas: 1
    48    selector:
    49      matchLabels:
    50        name: gateway-api-admission-server
    51    template:
    52      metadata:
    53        name: gateway-api-admission-server
    54        labels:
    55          name: gateway-api-admission-server
    56      spec:
    57        containers:
    58        - name: webhook
    59          image: registry.k8s.io/gateway-api/admission-server:v1.0.0-rc1
    60          imagePullPolicy: IfNotPresent
    61          args:
    62          - -logtostderr
    63          - --tlsCertFile=/etc/certs/cert
    64          - --tlsKeyFile=/etc/certs/key
    65          - -v=10
    66          - 2>&1
    67          ports:
    68          - containerPort: 8443
    69            name: webhook
    70          resources:
    71            limits:
    72              memory: 50Mi
    73              cpu: 100m
    74            requests:
    75              memory: 50Mi
    76              cpu: 100m
    77          volumeMounts:
    78          - name: webhook-certs
    79            mountPath: /etc/certs
    80            readOnly: true
    81          securityContext:
    82            allowPrivilegeEscalation: false
    83            readOnlyRootFilesystem: true
    84            runAsNonRoot: true
    85            runAsUser: 65532
    86            runAsGroup: 65532
    87            capabilities:
    88              drop:
    89              - "ALL"
    90            seccompProfile:
    91              type: RuntimeDefault
    92        volumes:
    93        - name: webhook-certs
    94          secret:
    95            secretName: gateway-api-admission