kubernetes-handbook/manifests/charts/oam-core-resources/templates/oam-local-webhooks.yaml

{{- if .Values.useWebhook -}}
---
apiVersion: v1
kind: Service
metadata:
  name: {{ include "oam-core-resources.fullname" . }}
  labels:
    {{- include "oam-core-resources.labels" . | nindent 4 }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
      targetPort: 9443
      protocol: TCP
      name: http
  selector:
    {{- include "oam-core-resources.selectorLabels" . | nindent 4 }}

---
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: {{ .Values.certificate.issuerName | quote  }}
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: {{ .Values.certificate.certificateName }}
spec:
  dnsNames:
  - {{ include "oam-core-resources.fullname" . }}.{{ .Release.Namespace }}.svc
  - {{ include "oam-core-resources.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: {{ .Values.certificate.issuerName  | default "selfsigned-issuer" | quote  }}
  secretName: {{ .Values.certificate.secretName | quote }}


---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: validating-webhook-configuration
  annotations:
    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.certificate.certificateName }}
webhooks:
- clientConfig:
    caBundle: Cg==
    service:
      name: {{ include "oam-core-resources.fullname" . }}
      namespace: {{ .Release.Namespace }}
      path: /validate-core-oam-dev-v1alpha2-manualscalertrait
      port: {{ .Values.service.port }}
  name: manualscalertrait.validate.core.oam.dev
  rules:
  - apiGroups:
    - core.oam.dev
    apiVersions:
    - v1alpha2
    operations:
    - CREATE
    - UPDATE
    resources:
    - manualscalertraits
  failurePolicy: Fail
  sideEffects: None
  admissionReviewVersions: ["v1", "v1beta1"]
  timeoutSeconds: 5

---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  creationTimestamp: null
  name: mutating-webhook-configuration
  annotations:
    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.certificate.certificateName }}
webhooks:
- clientConfig:
    caBundle: Cg==
    service:
      name: {{ include "oam-core-resources.fullname" . }}
      namespace: {{ .Release.Namespace }}
      path: /mutate-core-oam-dev-v1alpha2-manualscalertrait
      port: {{ .Values.service.port }}
  name: manualscalertrait.mutate.core.oam.dev
  rules:
    - apiGroups:
        - core.oam.dev
      apiVersions:
        - v1alpha2
      operations:
        - CREATE
        - UPDATE
      resources:
        - manualscalertraits
  failurePolicy: Fail
  sideEffects: None
  admissionReviewVersions: ["v1", "v1beta1"]
  timeoutSeconds: 5
{{- end -}}
add crossplane 2020-06-23 21:21:19 +08:00			`{{- if .Values.useWebhook -}}`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: {{ include "oam-core-resources.fullname" . }}`
			`labels:`
			`{{- include "oam-core-resources.labels" . \| nindent 4 }}`
			`spec:`
			`type: {{ .Values.service.type }}`
			`ports:`
			`- port: {{ .Values.service.port }}`
			`targetPort: 9443`
			`protocol: TCP`
			`name: http`
			`selector:`
			`{{- include "oam-core-resources.selectorLabels" . \| nindent 4 }}`

			`---`
			`# The following manifests contain a self-signed issuer CR and a certificate CR.`
			`# More document can be found at https://docs.cert-manager.io`
			`# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes`
			`apiVersion: cert-manager.io/v1alpha2`
			`kind: Issuer`
			`metadata:`
			`name: {{ .Values.certificate.issuerName \| quote }}`
			`spec:`
			`selfSigned: {}`
			`---`
			`apiVersion: cert-manager.io/v1alpha2`
			`kind: Certificate`
			`metadata:`
			`name: {{ .Values.certificate.certificateName }}`
			`spec:`
			`dnsNames:`
			`- {{ include "oam-core-resources.fullname" . }}.{{ .Release.Namespace }}.svc`
			`- {{ include "oam-core-resources.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local`
			`issuerRef:`
			`kind: Issuer`
			`name: {{ .Values.certificate.issuerName \| default "selfsigned-issuer" \| quote }}`
			`secretName: {{ .Values.certificate.secretName \| quote }}`


			`---`
			`apiVersion: admissionregistration.k8s.io/v1beta1`
			`kind: ValidatingWebhookConfiguration`
			`metadata:`
			`creationTimestamp: null`
			`name: validating-webhook-configuration`
			`annotations:`
			`cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.certificate.certificateName }}`
			`webhooks:`
			`- clientConfig:`
			`caBundle: Cg==`
			`service:`
			`name: {{ include "oam-core-resources.fullname" . }}`
			`namespace: {{ .Release.Namespace }}`
			`path: /validate-core-oam-dev-v1alpha2-manualscalertrait`
			`port: {{ .Values.service.port }}`
			`name: manualscalertrait.validate.core.oam.dev`
			`rules:`
			`- apiGroups:`
			`- core.oam.dev`
			`apiVersions:`
			`- v1alpha2`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`resources:`
			`- manualscalertraits`
			`failurePolicy: Fail`
			`sideEffects: None`
			`admissionReviewVersions: ["v1", "v1beta1"]`
			`timeoutSeconds: 5`

			`---`
			`apiVersion: admissionregistration.k8s.io/v1beta1`
			`kind: MutatingWebhookConfiguration`
			`metadata:`
			`creationTimestamp: null`
			`name: mutating-webhook-configuration`
			`annotations:`
			`cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.certificate.certificateName }}`
			`webhooks:`
			`- clientConfig:`
			`caBundle: Cg==`
			`service:`
			`name: {{ include "oam-core-resources.fullname" . }}`
			`namespace: {{ .Release.Namespace }}`
			`path: /mutate-core-oam-dev-v1alpha2-manualscalertrait`
			`port: {{ .Values.service.port }}`
			`name: manualscalertrait.mutate.core.oam.dev`
			`rules:`
			`- apiGroups:`
			`- core.oam.dev`
			`apiVersions:`
			`- v1alpha2`
			`operations:`
			`- CREATE`
			`- UPDATE`
			`resources:`
			`- manualscalertraits`
			`failurePolicy: Fail`
			`sideEffects: None`
			`admissionReviewVersions: ["v1", "v1beta1"]`
			`timeoutSeconds: 5`
			`{{- end -}}`