新增learn-kubernetes(https://github.com/yyong-brs/learn-kubernetes)相关文件
This commit is contained in:
@@ -0,0 +1,48 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: admission-webhook
|
||||
labels:
|
||||
kiamol: ch16
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: https
|
||||
selector:
|
||||
app: admission-webhook
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: admission-webhook
|
||||
labels:
|
||||
kiamol: ch16
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: admission-webhook
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: admission-webhook
|
||||
spec:
|
||||
containers:
|
||||
- name: admission-webhook
|
||||
image: kiamol/ch16-admission-webhook
|
||||
env:
|
||||
- name: USE_HTTPS
|
||||
value: "true"
|
||||
- name: PORT
|
||||
value: "8443"
|
||||
ports:
|
||||
- name: https
|
||||
containerPort: 8443
|
||||
volumeMounts:
|
||||
- name: certs
|
||||
mountPath: /run/secrets/tls
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: certs
|
||||
secret:
|
||||
secretName: admission-webhook-secret
|
||||
@@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@@ -0,0 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: mutating-webhook
|
||||
description: Mutating webhook configuration
|
||||
type: application
|
||||
version: 1.0.0
|
||||
appVersion: 1.0.0
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: MutatingWebhookConfiguration
|
||||
metadata:
|
||||
name: nonrootpolicy
|
||||
labels:
|
||||
kiamol: ch16
|
||||
webhooks:
|
||||
- name: nonrootpolicy.kiamol.net
|
||||
rules:
|
||||
- operations: [ "CREATE", "UPDATE" ]
|
||||
apiGroups: [""]
|
||||
apiVersions: ["v1"]
|
||||
resources: ["pods"]
|
||||
clientConfig:
|
||||
service:
|
||||
name: admission-webhook
|
||||
namespace: default
|
||||
path: "/mutate"
|
||||
caBundle: {{ .Values.caBundle }}
|
||||
@@ -0,0 +1,2 @@
|
||||
# base-64 encoded CA cert for the webhook server
|
||||
caBundle: TODO
|
||||
@@ -0,0 +1,23 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
@@ -0,0 +1,6 @@
|
||||
apiVersion: v2
|
||||
name: validating-webhook
|
||||
description: Validating webhook configuration
|
||||
type: application
|
||||
version: 1.0.0
|
||||
appVersion: 1.0.0
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: servicetokenpolicy
|
||||
labels:
|
||||
kiamol: ch16
|
||||
webhooks:
|
||||
- name: servicetokenpolicy.kiamol.net
|
||||
rules:
|
||||
- operations: [ "CREATE", "UPDATE" ]
|
||||
apiGroups: [""]
|
||||
apiVersions: ["v1"]
|
||||
resources: ["pods"]
|
||||
clientConfig:
|
||||
service:
|
||||
name: admission-webhook
|
||||
namespace: default
|
||||
path: "/validate"
|
||||
caBundle: {{ .Values.caBundle }}
|
||||
@@ -0,0 +1,2 @@
|
||||
# base-64 encoded CA cert for the webhook server
|
||||
caBundle: TODO
|
||||
Reference in New Issue
Block a user