volcano.sh/volcano@v1.9.0/installer/helm/chart/volcano/templates/webhooks.yaml (about) 1 {{- if .Values.custom.admission_enable }} 2 3 {{- if .Values.custom.enabled_admissions | regexMatch "/pods/mutate" }} 4 apiVersion: admissionregistration.k8s.io/v1 5 kind: MutatingWebhookConfiguration 6 metadata: 7 name: volcano-admission-service-pods-mutate 8 webhooks: 9 - admissionReviewVersions: 10 - v1 11 clientConfig: 12 service: 13 name: {{ .Release.Name }}-admission-service 14 namespace: {{ .Release.Namespace }} 15 path: /pods/mutate 16 port: 443 17 failurePolicy: Fail 18 matchPolicy: Equivalent 19 name: mutatepod.volcano.sh 20 namespaceSelector: 21 matchExpressions: 22 - key: kubernetes.io/metadata.name 23 operator: NotIn 24 values: 25 - {{ .Release.Namespace }} 26 - kube-system 27 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 28 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 29 {{- end }} 30 objectSelector: {} 31 reinvocationPolicy: Never 32 rules: 33 - apiGroups: 34 - "" 35 apiVersions: 36 - v1 37 operations: 38 - CREATE 39 resources: 40 - pods 41 scope: '*' 42 sideEffects: NoneOnDryRun 43 timeoutSeconds: 10 44 {{- end }} 45 46 {{- if .Values.custom.enabled_admissions | regexMatch "/queues/mutate" }} 47 --- 48 apiVersion: admissionregistration.k8s.io/v1 49 kind: MutatingWebhookConfiguration 50 metadata: 51 name: volcano-admission-service-queues-mutate 52 webhooks: 53 - admissionReviewVersions: 54 - v1 55 clientConfig: 56 service: 57 name: {{ .Release.Name }}-admission-service 58 namespace: {{ .Release.Namespace }} 59 path: /queues/mutate 60 port: 443 61 failurePolicy: Fail 62 matchPolicy: Equivalent 63 name: mutatequeue.volcano.sh 64 namespaceSelector: 65 matchExpressions: 66 - key: kubernetes.io/metadata.name 67 operator: NotIn 68 values: 69 - {{ .Release.Namespace }} 70 - kube-system 71 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 72 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 73 {{- end }} 74 objectSelector: {} 75 reinvocationPolicy: Never 76 rules: 77 - apiGroups: 78 - scheduling.volcano.sh 79 apiVersions: 80 - v1beta1 81 operations: 82 - CREATE 83 resources: 84 - queues 85 scope: '*' 86 sideEffects: NoneOnDryRun 87 timeoutSeconds: 10 88 {{- end }} 89 90 91 {{- if .Values.custom.enabled_admissions | regexMatch "/podgroups/mutate" }} 92 --- 93 apiVersion: admissionregistration.k8s.io/v1 94 kind: MutatingWebhookConfiguration 95 metadata: 96 name: volcano-admission-service-podgroups-mutate 97 webhooks: 98 - admissionReviewVersions: 99 - v1 100 clientConfig: 101 service: 102 name: {{ .Release.Name }}-admission-service 103 namespace: {{ .Release.Namespace }} 104 path: /podgroups/mutate 105 port: 443 106 failurePolicy: Fail 107 matchPolicy: Equivalent 108 name: mutatepodgroup.volcano.sh 109 namespaceSelector: 110 matchExpressions: 111 - key: kubernetes.io/metadata.name 112 operator: NotIn 113 values: 114 - {{ .Release.Namespace }} 115 - kube-system 116 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 117 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 118 {{- end }} 119 objectSelector: {} 120 reinvocationPolicy: Never 121 rules: 122 - apiGroups: 123 - scheduling.volcano.sh 124 apiVersions: 125 - v1beta1 126 operations: 127 - CREATE 128 resources: 129 - podgroups 130 scope: '*' 131 sideEffects: NoneOnDryRun 132 timeoutSeconds: 10 133 {{- end }} 134 135 136 {{- if .Values.custom.enabled_admissions | regexMatch "/jobs/mutate" }} 137 --- 138 apiVersion: admissionregistration.k8s.io/v1 139 kind: MutatingWebhookConfiguration 140 metadata: 141 name: volcano-admission-service-jobs-mutate 142 webhooks: 143 - admissionReviewVersions: 144 - v1 145 clientConfig: 146 service: 147 name: {{ .Release.Name }}-admission-service 148 namespace: {{ .Release.Namespace }} 149 path: /jobs/mutate 150 port: 443 151 failurePolicy: Fail 152 matchPolicy: Equivalent 153 name: mutatejob.volcano.sh 154 namespaceSelector: 155 matchExpressions: 156 - key: kubernetes.io/metadata.name 157 operator: NotIn 158 values: 159 - {{ .Release.Namespace }} 160 - kube-system 161 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 162 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 163 {{- end }} 164 objectSelector: {} 165 reinvocationPolicy: Never 166 rules: 167 - apiGroups: 168 - batch.volcano.sh 169 apiVersions: 170 - v1alpha1 171 operations: 172 - CREATE 173 resources: 174 - jobs 175 scope: '*' 176 sideEffects: NoneOnDryRun 177 timeoutSeconds: 10 178 {{- end }} 179 180 181 {{- if .Values.custom.enabled_admissions | regexMatch "/jobs/validate" }} 182 --- 183 apiVersion: admissionregistration.k8s.io/v1 184 kind: ValidatingWebhookConfiguration 185 metadata: 186 name: volcano-admission-service-jobs-validate 187 webhooks: 188 - admissionReviewVersions: 189 - v1 190 clientConfig: 191 service: 192 name: {{ .Release.Name }}-admission-service 193 namespace: {{ .Release.Namespace }} 194 path: /jobs/validate 195 port: 443 196 failurePolicy: Fail 197 matchPolicy: Equivalent 198 name: validatejob.volcano.sh 199 namespaceSelector: 200 matchExpressions: 201 - key: kubernetes.io/metadata.name 202 operator: NotIn 203 values: 204 - {{ .Release.Namespace }} 205 - kube-system 206 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 207 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 208 {{- end }} 209 objectSelector: {} 210 rules: 211 - apiGroups: 212 - batch.volcano.sh 213 apiVersions: 214 - v1alpha1 215 operations: 216 - CREATE 217 - UPDATE 218 resources: 219 - jobs 220 scope: '*' 221 sideEffects: NoneOnDryRun 222 timeoutSeconds: 10 223 {{- end }} 224 225 226 {{- if .Values.custom.enabled_admissions | regexMatch "/pods/validate" }} 227 --- 228 apiVersion: admissionregistration.k8s.io/v1 229 kind: ValidatingWebhookConfiguration 230 metadata: 231 name: volcano-admission-service-pods-validate 232 webhooks: 233 - admissionReviewVersions: 234 - v1 235 clientConfig: 236 service: 237 name: {{ .Release.Name }}-admission-service 238 namespace: {{ .Release.Namespace }} 239 path: /pods/validate 240 port: 443 241 failurePolicy: Fail 242 matchPolicy: Equivalent 243 name: validatepod.volcano.sh 244 namespaceSelector: 245 matchExpressions: 246 - key: kubernetes.io/metadata.name 247 operator: NotIn 248 values: 249 - {{ .Release.Namespace }} 250 - kube-system 251 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 252 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 253 {{- end }} 254 objectSelector: {} 255 rules: 256 - apiGroups: 257 - "" 258 apiVersions: 259 - v1 260 operations: 261 - CREATE 262 resources: 263 - pods 264 scope: '*' 265 sideEffects: NoneOnDryRun 266 timeoutSeconds: 10 267 {{- end }} 268 269 270 {{- if .Values.custom.enabled_admissions | regexMatch "/queues/validate" }} 271 --- 272 apiVersion: admissionregistration.k8s.io/v1 273 kind: ValidatingWebhookConfiguration 274 metadata: 275 name: volcano-admission-service-queues-validate 276 webhooks: 277 - admissionReviewVersions: 278 - v1 279 clientConfig: 280 service: 281 name: {{ .Release.Name }}-admission-service 282 namespace: {{ .Release.Namespace }} 283 path: /queues/validate 284 port: 443 285 failurePolicy: Fail 286 matchPolicy: Equivalent 287 name: validatequeue.volcano.sh 288 namespaceSelector: 289 matchExpressions: 290 - key: kubernetes.io/metadata.name 291 operator: NotIn 292 values: 293 - {{ .Release.Namespace }} 294 - kube-system 295 {{- if .Values.custom.webhooks_namespace_selector_expressions }} 296 {{- toYaml .Values.custom.webhooks_namespace_selector_expressions | nindent 8 }} 297 {{- end }} 298 objectSelector: {} 299 rules: 300 - apiGroups: 301 - scheduling.volcano.sh 302 apiVersions: 303 - v1beta1 304 operations: 305 - CREATE 306 - UPDATE 307 - DELETE 308 resources: 309 - queues 310 scope: '*' 311 sideEffects: NoneOnDryRun 312 timeoutSeconds: 10 313 {{- end }} 314 {{- end }}