fix: deploy registry

cmd/deploy.go

@@ -17,10 +17,6 @@ import (
 	"go.uber.org/zap"
 )
 
-func init() {
-	rootCmd.AddCommand(deoplyCmd)
-}
-
 //go:embed deploy.yaml
 var template string
 
@@ -54,7 +50,7 @@ var deoplyCmd = &cobra.Command{
 			Type:  "CERTIFICATE",
 			Bytes: cert,
 		})))
-		template = strings.ReplaceAll(template, "KEY", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
+		template = strings.ReplaceAll(template, "KEY_PEM", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
 			Type:  "RSA PRIVATE KEY",
 			Bytes: x509.MarshalPKCS1PrivateKey(key),
 		})))

cmd/deploy.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: APP
-          image: gitlab.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
+          image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
           imagePullPolicy: Always
           args:
             - --tls-cert-file-path=/etc/webhook/certs/cert.pem

deploy.yml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: default
+  namespace: default
+  labels:
+    app: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: default
+  template:
+    metadata:
+      labels:
+        app: default
+    spec:
+      containers:
+        - name: default
+          image: gitlab.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
+          imagePullPolicy: Always
+          args:
+            - --tls-cert-file-path=/etc/webhook/certs/cert.pem
+            - --tls-key-file-path=/etc/webhook/certs/key.pem
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - name: webhook-certs
+              mountPath: /etc/webhook/certs
+              readOnly: true
+      volumes:
+        - name: webhook-certs
+          secret:
+            secretName: default-certs
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: default
+  namespace: default
+  labels:
+    app: default
+spec:
+  ports:
+  - name: http
+    port: 443
+    targetPort: 8080
+  - name: metrics
+    port: 8081
+    targetPort: 8081
+  selector:
+    app: default
+---
+# File autogenerated by ./scripts/gen-certs.sh
+apiVersion: v1
+data:
+  cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFlTVJ3d0dnWURWUVFERXhOa1pXWmgKZFd4MExtUmxabUYxYkhRdWMzWmpNQjRYRFRJek1EY3lNakEzTWpBek4xb1hEVEkwTURjeU1UQTNNakF6TjFvdwpIakVjTUJvR0ExVUVBeE1UWkdWbVlYVnNkQzVrWldaaGRXeDBMbk4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1iT0RMQnVSdXhPMWRYQm5uVU9EcFFMTXUxd0lKejk5ZTFvOWR1UHVEYzAKSlR3c0MySFM4VWZ0RGZmL01WdEFiYldxVS9USE9mTjV5VjBTNnFBZVIva0k0KytXZjV6bWxIdXpFdzZCbU5WegpuV1BpNlEwN1REUDIvcGJ6R1lQY2VYR3BpSjB1WWlKbW0rRmxBeG5nLytNMzFUdEMwYkJ5VW5STnUyZnRFQ3gxClBDUkM5VTVpUGNKMTZDcUN5aittREVuMm1XREZyTzMrdU9NQVI1emZaYlN4OVp2ZzVNVCtFbmhkdTZlOGtNWGUKTk12UEorazNOMXR5SDlZVUswSVJLNWxZdEJIOVFNVlFsTU9nVEZvdEZVZFlaWm9JaDN3OEFjdVlkZ1pHdGVaWAp1REFNckdHYmdxTnFDRDJNcnVYbVdZM0Qxemh6a3dvaXlQOWc0WUYwR0U4Q0F3RUFBYU4zTUhVd0RnWURWUjBQCkFRSC9CQVFEQWdLRU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKSFFZRFZSME9CQllFRkZvMnpweGdqK051Tng4WGxHdDJCcWU3TUhERU1CNEdBMVVkRVFRWE1CV0NFMlJsWm1GMQpiSFF1WkdWbVlYVnNkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFY0NTWUR2QkxvTWZ0L1Z5Rk1zCmp0aWtJUmRPQlBuUFpFaFlsZU9iYjgwTmRIRUxSNEE2N1o0MzF0ZXBDQzZ1c1pDTE5zS3o4QnNrN2VtK0pCc2YKclZ2WWJGNkpjWnN5bjhMRXNKWWtLTHB4SHdzUGZNM3YrRUNFSXR3UjZEcVBqWHNIdnNlZk93cDN3ZkgrWjZrNQpmSHVNVitqaUpNa3BrQWdwMjlSUzhSdkpDbkpHay9BdWRNdzB6RWZqUlZOcU1FWUtBVXhFcVRVMWhvYWExV2xyCmxpMC9tQVVjbkdqK2JGcFl0S251REhFRGlwVjJSY1U4TmxtM1VydE1lMUJGTG5MRjEzbEtEZTUzYTF2aHZQcHcKS0dLczUyY3NPMWdFZlovUDlzbmJnZFMzNWpJZjVZMVFQSHp1Zkppd3U2VlpxTENPeVBXSkpnWXdxM0wwL203SgpYVG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeHM0TXNHNUc3RTdWMWNHZWRRNE9sQXN5N1hBZ25QMzE3V2oxMjQrNE56UWxQQ3dMCllkTHhSKzBOOS84eFcwQnR0YXBUOU1jNTgzbkpYUkxxb0I1SCtRamo3NVovbk9hVWU3TVREb0dZMVhPZFkrTHAKRFR0TU0vYitsdk1aZzl4NWNhbUluUzVpSW1hYjRXVURHZUQvNHpmVk8wTFJzSEpTZEUyN1orMFFMSFU4SkVMMQpUbUk5d25Yb0tvTEtQNllNU2ZhWllNV3M3ZjY0NHdCSG5OOWx0TEgxbStEa3hQNFNlRjI3cDd5UXhkNDB5ODhuCjZUYzNXM0lmMWhRclFoRXJtVmkwRWYxQXhWQ1V3NkJNV2kwVlIxaGxtZ2lIZkR3Qnk1aDJCa2ExNWxlNE1BeXMKWVp1Q28yb0lQWXl1NWVaWmpjUFhPSE9UQ2lMSS8yRGhnWFFZVHdJREFRQUJBb0lCQUV2SGZQUy9oRTlOR1p0YQpLMkZwRTB1QkhVOStYeUFZZWVhZURLRTlualdFcmZES3hTZnJ0VWI2YUVtd3Y0cU4rNE8wd2ozYXR3OUV5K21yCmJUM05iUmZUT0xjNXdiajM5MzlUV2g4OGJScG44SVdEbDl3UVQxSzdnbjNkZWt0Vi9nRENZNjJ1WVgvRlp3TzYKY2owcUU3L3pwMWJvZUc5dWxGbDZ5OFdvaW5LM0xLSHVMYWJmUEtoN0dPZDJNSXNMYXVac1MwcXd4Q2VSVUlybgpRRkp5N0VsK043UUxraWZyVTNGZUV3bU9yNVZYeWphanBWaXUvNjB4c3J4VC9SMkgrNzN4Tm1JcTF0dzh3VllLCjEwQzNVeHJuZVhMcEpiL21UY0VlWkhMUFA0UGZZdlVuNGxWSnY4UmtqZ3lVRFlzLzdRcnRrclp4ZDMvK2pSQysKRmNHT2xvRUNnWUVBOXJQaCtvUVhwNHRnNlNua0QzSGtvT2s4SVRBcVhwcXVkRW5iQXFaTmdjOUYrWmMwdFVOWAp3RmMwK1V2SGxKam9HMHp1RjN5dnFqd3h1N2dKV1ovK0tvSVZmenk5Zi9DSTUzZHNFWE1hOHJoSlErZVZaTE5qCjg5Ylhka2t1MkJ4RmNFc3hac0dyaVFrMHhMVUo0MVBBc3IyMkgwSWZhc0Y4Vi95MldFdy9yOEVDZ1lFQXprd1EKQnNKVWVIQWZxNXhGMGVFZE1GOXFLUlpjaWpNcFUwSzFKV0h1OXAxWURPeW1JeWNnUkFxOTg5NjdXWjFhOFQrSApYWXVneEhLcUtNTUxjeDluVnp3SzFIZ2F4MmpTejNkRGIwM1pxVWkrTzJKalRuaHJOTC8zVG5Nb2xtR3Evci84CmtvQjhjTjFieDl5UDduNEQvckJoc1ZKTkFVYW12TzdxeU5ScnpBOENnWUVBNG53R0xEejBrbVpNMUFJWFUyNlcKSEh2RExoelA2UVpNdm9uSFBNbDhRbjRObWJRTk9aUFhqY2NCNVJTQzU1THhFNDh1emZVME9DOEc0WFYxY0FpSQpDSEpnVmUxbmMzdFoxRlk0cWxSb0d3akFpa3lqUkUzRXAybEhhVnFLWFBDbmR3NHhEa3NpdGEzeitkclNkeGErCnc5bVN4Mk9uQUJVZG1KRnl2ZUZTWG9FQ2dZQThLZkN1bC9RY244Nk10T21qMlB3elJGQm9wUzNkM0NmY01XTTEKQU1lNVFwQVFUTi95OXBFeFp0U1pEOGNoem9OY1FrUFBJMDZDbkZKRnl3UkcwY3pJb3lraFo5bWZlRkdxMGNSbgo3Sk5qREdUMldxNU5qMDdzdG1PQWpKTTBzRTAzT0hTSG9WTXBjMVUyQjN3dWVLL2ZrajhiZ0w0V2RpMWdnbWtVCm91YkJQd0tCZ1FEdFFSN1Y4bUk1MGZJSTlPYnh1QmhLVlpvVFhQSDQ1blhjdGlnQTlkbWRmSS9HZnJTZTJRMWIKUlV1UmdxazE3M05IV3pjb1JObXRaY1RRakVxTkVySzEzNG5MYWVtODZEV2R3N1BjdUNPUGkxRjJpa1RRWmF5RgpPNm8wdWs3aE1PV2dXWkxCYmg3VlI2ZHdqSko5Z285R0t5bE14NWs2Y1c0NExOMVlnZUdYMnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=_PEM
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: default-certs
+  namespace: default
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: default
+  labels:
+    app: default
+    kind: mutator
+webhooks:
+  - name: mutator.default.io
+    admissionReviewVersions: ["v1"]
+    sideEffects: None
+    clientConfig:
+      service:
+        name: default
+        namespace: default
+        path: /
+      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFlTVJ3d0dnWURWUVFERXhOa1pXWmgKZFd4MExtUmxabUYxYkhRdWMzWmpNQjRYRFRJek1EY3lNakEzTWpBek4xb1hEVEkwTURjeU1UQTNNakF6TjFvdwpIakVjTUJvR0ExVUVBeE1UWkdWbVlYVnNkQzVrWldaaGRXeDBMbk4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1iT0RMQnVSdXhPMWRYQm5uVU9EcFFMTXUxd0lKejk5ZTFvOWR1UHVEYzAKSlR3c0MySFM4VWZ0RGZmL01WdEFiYldxVS9USE9mTjV5VjBTNnFBZVIva0k0KytXZjV6bWxIdXpFdzZCbU5WegpuV1BpNlEwN1REUDIvcGJ6R1lQY2VYR3BpSjB1WWlKbW0rRmxBeG5nLytNMzFUdEMwYkJ5VW5STnUyZnRFQ3gxClBDUkM5VTVpUGNKMTZDcUN5aittREVuMm1XREZyTzMrdU9NQVI1emZaYlN4OVp2ZzVNVCtFbmhkdTZlOGtNWGUKTk12UEorazNOMXR5SDlZVUswSVJLNWxZdEJIOVFNVlFsTU9nVEZvdEZVZFlaWm9JaDN3OEFjdVlkZ1pHdGVaWAp1REFNckdHYmdxTnFDRDJNcnVYbVdZM0Qxemh6a3dvaXlQOWc0WUYwR0U4Q0F3RUFBYU4zTUhVd0RnWURWUjBQCkFRSC9CQVFEQWdLRU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKSFFZRFZSME9CQllFRkZvMnpweGdqK051Tng4WGxHdDJCcWU3TUhERU1CNEdBMVVkRVFRWE1CV0NFMlJsWm1GMQpiSFF1WkdWbVlYVnNkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFY0NTWUR2QkxvTWZ0L1Z5Rk1zCmp0aWtJUmRPQlBuUFpFaFlsZU9iYjgwTmRIRUxSNEE2N1o0MzF0ZXBDQzZ1c1pDTE5zS3o4QnNrN2VtK0pCc2YKclZ2WWJGNkpjWnN5bjhMRXNKWWtLTHB4SHdzUGZNM3YrRUNFSXR3UjZEcVBqWHNIdnNlZk93cDN3ZkgrWjZrNQpmSHVNVitqaUpNa3BrQWdwMjlSUzhSdkpDbkpHay9BdWRNdzB6RWZqUlZOcU1FWUtBVXhFcVRVMWhvYWExV2xyCmxpMC9tQVVjbkdqK2JGcFl0S251REhFRGlwVjJSY1U4TmxtM1VydE1lMUJGTG5MRjEzbEtEZTUzYTF2aHZQcHcKS0dLczUyY3NPMWdFZlovUDlzbmJnZFMzNWpJZjVZMVFQSHp1Zkppd3U2VlpxTENPeVBXSkpnWXdxM0wwL203SgpYVG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["*"]
+        apiVersions: ["*"]
+        resources: ["CiliumEnvoyConfig"]
+