yoshino-s/cilium-envoy-hook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: deploy registry

Browse Source
This commit is contained in:
yoshino-s
2023-07-22 07:23:43 +00:00
parent 5df71af2fe
commit 3768d7f002
3 changed files with 91 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/deploy.go
View File

@@ -17,10 +17,6 @@ import (
"go.uber.org/zap"
)
func init() {
rootCmd.AddCommand(deoplyCmd)
}
//go:embed deploy.yaml
var template string
@@ -54,7 +50,7 @@ var deoplyCmd = &cobra.Command{
Type: "CERTIFICATE",
Bytes: cert,
})))
template = strings.ReplaceAll(template, "KEY", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
template = strings.ReplaceAll(template, "KEY_PEM", base64.StdEncoding.EncodeToString(pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
})))

2
cmd/deploy.yaml
View File

@@ -17,7 +17,7 @@ spec:
spec:
containers:
- name: APP
image: gitlab.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
imagePullPolicy: Always
args:
- --tls-cert-file-path=/etc/webhook/certs/cert.pem

89
deploy.yml Normal file
View File

@@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: default
namespace: default
labels:
app: default
spec:
replicas: 1
selector:
matchLabels:
app: default
template:
metadata:
labels:
app: default
spec:
containers:
- name: default
image: gitlab.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:latest
imagePullPolicy: Always
args:
- --tls-cert-file-path=/etc/webhook/certs/cert.pem
- --tls-key-file-path=/etc/webhook/certs/key.pem
ports:
- name: http
containerPort: 8080
protocol: TCP
volumeMounts:
- name: webhook-certs
mountPath: /etc/webhook/certs
readOnly: true
volumes:
- name: webhook-certs
secret:
secretName: default-certs
---
apiVersion: v1
kind: Service
metadata:
name: default
namespace: default
labels:
app: default
spec:
ports:
- name: http
port: 443
targetPort: 8080
- name: metrics
port: 8081
targetPort: 8081
selector:
app: default
---
# File autogenerated by ./scripts/gen-certs.sh
apiVersion: v1
data:
cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFlTVJ3d0dnWURWUVFERXhOa1pXWmgKZFd4MExtUmxabUYxYkhRdWMzWmpNQjRYRFRJek1EY3lNakEzTWpBek4xb1hEVEkwTURjeU1UQTNNakF6TjFvdwpIakVjTUJvR0ExVUVBeE1UWkdWbVlYVnNkQzVrWldaaGRXeDBMbk4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1iT0RMQnVSdXhPMWRYQm5uVU9EcFFMTXUxd0lKejk5ZTFvOWR1UHVEYzAKSlR3c0MySFM4VWZ0RGZmL01WdEFiYldxVS9USE9mTjV5VjBTNnFBZVIva0k0KytXZjV6bWxIdXpFdzZCbU5WegpuV1BpNlEwN1REUDIvcGJ6R1lQY2VYR3BpSjB1WWlKbW0rRmxBeG5nLytNMzFUdEMwYkJ5VW5STnUyZnRFQ3gxClBDUkM5VTVpUGNKMTZDcUN5aittREVuMm1XREZyTzMrdU9NQVI1emZaYlN4OVp2ZzVNVCtFbmhkdTZlOGtNWGUKTk12UEorazNOMXR5SDlZVUswSVJLNWxZdEJIOVFNVlFsTU9nVEZvdEZVZFlaWm9JaDN3OEFjdVlkZ1pHdGVaWAp1REFNckdHYmdxTnFDRDJNcnVYbVdZM0Qxemh6a3dvaXlQOWc0WUYwR0U4Q0F3RUFBYU4zTUhVd0RnWURWUjBQCkFRSC9CQVFEQWdLRU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKSFFZRFZSME9CQllFRkZvMnpweGdqK051Tng4WGxHdDJCcWU3TUhERU1CNEdBMVVkRVFRWE1CV0NFMlJsWm1GMQpiSFF1WkdWbVlYVnNkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFY0NTWUR2QkxvTWZ0L1Z5Rk1zCmp0aWtJUmRPQlBuUFpFaFlsZU9iYjgwTmRIRUxSNEE2N1o0MzF0ZXBDQzZ1c1pDTE5zS3o4QnNrN2VtK0pCc2YKclZ2WWJGNkpjWnN5bjhMRXNKWWtLTHB4SHdzUGZNM3YrRUNFSXR3UjZEcVBqWHNIdnNlZk93cDN3ZkgrWjZrNQpmSHVNVitqaUpNa3BrQWdwMjlSUzhSdkpDbkpHay9BdWRNdzB6RWZqUlZOcU1FWUtBVXhFcVRVMWhvYWExV2xyCmxpMC9tQVVjbkdqK2JGcFl0S251REhFRGlwVjJSY1U4TmxtM1VydE1lMUJGTG5MRjEzbEtEZTUzYTF2aHZQcHcKS0dLczUyY3NPMWdFZlovUDlzbmJnZFMzNWpJZjVZMVFQSHp1Zkppd3U2VlpxTENPeVBXSkpnWXdxM0wwL203SgpYVG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeHM0TXNHNUc3RTdWMWNHZWRRNE9sQXN5N1hBZ25QMzE3V2oxMjQrNE56UWxQQ3dMCllkTHhSKzBOOS84eFcwQnR0YXBUOU1jNTgzbkpYUkxxb0I1SCtRamo3NVovbk9hVWU3TVREb0dZMVhPZFkrTHAKRFR0TU0vYitsdk1aZzl4NWNhbUluUzVpSW1hYjRXVURHZUQvNHpmVk8wTFJzSEpTZEUyN1orMFFMSFU4SkVMMQpUbUk5d25Yb0tvTEtQNllNU2ZhWllNV3M3ZjY0NHdCSG5OOWx0TEgxbStEa3hQNFNlRjI3cDd5UXhkNDB5ODhuCjZUYzNXM0lmMWhRclFoRXJtVmkwRWYxQXhWQ1V3NkJNV2kwVlIxaGxtZ2lIZkR3Qnk1aDJCa2ExNWxlNE1BeXMKWVp1Q28yb0lQWXl1NWVaWmpjUFhPSE9UQ2lMSS8yRGhnWFFZVHdJREFRQUJBb0lCQUV2SGZQUy9oRTlOR1p0YQpLMkZwRTB1QkhVOStYeUFZZWVhZURLRTlualdFcmZES3hTZnJ0VWI2YUVtd3Y0cU4rNE8wd2ozYXR3OUV5K21yCmJUM05iUmZUT0xjNXdiajM5MzlUV2g4OGJScG44SVdEbDl3UVQxSzdnbjNkZWt0Vi9nRENZNjJ1WVgvRlp3TzYKY2owcUU3L3pwMWJvZUc5dWxGbDZ5OFdvaW5LM0xLSHVMYWJmUEtoN0dPZDJNSXNMYXVac1MwcXd4Q2VSVUlybgpRRkp5N0VsK043UUxraWZyVTNGZUV3bU9yNVZYeWphanBWaXUvNjB4c3J4VC9SMkgrNzN4Tm1JcTF0dzh3VllLCjEwQzNVeHJuZVhMcEpiL21UY0VlWkhMUFA0UGZZdlVuNGxWSnY4UmtqZ3lVRFlzLzdRcnRrclp4ZDMvK2pSQysKRmNHT2xvRUNnWUVBOXJQaCtvUVhwNHRnNlNua0QzSGtvT2s4SVRBcVhwcXVkRW5iQXFaTmdjOUYrWmMwdFVOWAp3RmMwK1V2SGxKam9HMHp1RjN5dnFqd3h1N2dKV1ovK0tvSVZmenk5Zi9DSTUzZHNFWE1hOHJoSlErZVZaTE5qCjg5Ylhka2t1MkJ4RmNFc3hac0dyaVFrMHhMVUo0MVBBc3IyMkgwSWZhc0Y4Vi95MldFdy9yOEVDZ1lFQXprd1EKQnNKVWVIQWZxNXhGMGVFZE1GOXFLUlpjaWpNcFUwSzFKV0h1OXAxWURPeW1JeWNnUkFxOTg5NjdXWjFhOFQrSApYWXVneEhLcUtNTUxjeDluVnp3SzFIZ2F4MmpTejNkRGIwM1pxVWkrTzJKalRuaHJOTC8zVG5Nb2xtR3Evci84CmtvQjhjTjFieDl5UDduNEQvckJoc1ZKTkFVYW12TzdxeU5ScnpBOENnWUVBNG53R0xEejBrbVpNMUFJWFUyNlcKSEh2RExoelA2UVpNdm9uSFBNbDhRbjRObWJRTk9aUFhqY2NCNVJTQzU1THhFNDh1emZVME9DOEc0WFYxY0FpSQpDSEpnVmUxbmMzdFoxRlk0cWxSb0d3akFpa3lqUkUzRXAybEhhVnFLWFBDbmR3NHhEa3NpdGEzeitkclNkeGErCnc5bVN4Mk9uQUJVZG1KRnl2ZUZTWG9FQ2dZQThLZkN1bC9RY244Nk10T21qMlB3elJGQm9wUzNkM0NmY01XTTEKQU1lNVFwQVFUTi95OXBFeFp0U1pEOGNoem9OY1FrUFBJMDZDbkZKRnl3UkcwY3pJb3lraFo5bWZlRkdxMGNSbgo3Sk5qREdUMldxNU5qMDdzdG1PQWpKTTBzRTAzT0hTSG9WTXBjMVUyQjN3dWVLL2ZrajhiZ0w0V2RpMWdnbWtVCm91YkJQd0tCZ1FEdFFSN1Y4bUk1MGZJSTlPYnh1QmhLVlpvVFhQSDQ1blhjdGlnQTlkbWRmSS9HZnJTZTJRMWIKUlV1UmdxazE3M05IV3pjb1JObXRaY1RRakVxTkVySzEzNG5MYWVtODZEV2R3N1BjdUNPUGkxRjJpa1RRWmF5RgpPNm8wdWs3aE1PV2dXWkxCYmg3VlI2ZHdqSko5Z285R0t5bE14NWs2Y1c0NExOMVlnZUdYMnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=_PEM
kind: Secret
metadata:
creationTimestamp: null
name: default-certs
namespace: default
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: default
labels:
app: default
kind: mutator
webhooks:
- name: mutator.default.io
admissionReviewVersions: ["v1"]
sideEffects: None
clientConfig:
service:
name: default
namespace: default
path: /
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURMakNDQWhhZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFlTVJ3d0dnWURWUVFERXhOa1pXWmgKZFd4MExtUmxabUYxYkhRdWMzWmpNQjRYRFRJek1EY3lNakEzTWpBek4xb1hEVEkwTURjeU1UQTNNakF6TjFvdwpIakVjTUJvR0ExVUVBeE1UWkdWbVlYVnNkQzVrWldaaGRXeDBMbk4yWXpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCCkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1iT0RMQnVSdXhPMWRYQm5uVU9EcFFMTXUxd0lKejk5ZTFvOWR1UHVEYzAKSlR3c0MySFM4VWZ0RGZmL01WdEFiYldxVS9USE9mTjV5VjBTNnFBZVIva0k0KytXZjV6bWxIdXpFdzZCbU5WegpuV1BpNlEwN1REUDIvcGJ6R1lQY2VYR3BpSjB1WWlKbW0rRmxBeG5nLytNMzFUdEMwYkJ5VW5STnUyZnRFQ3gxClBDUkM5VTVpUGNKMTZDcUN5aittREVuMm1XREZyTzMrdU9NQVI1emZaYlN4OVp2ZzVNVCtFbmhkdTZlOGtNWGUKTk12UEorazNOMXR5SDlZVUswSVJLNWxZdEJIOVFNVlFsTU9nVEZvdEZVZFlaWm9JaDN3OEFjdVlkZ1pHdGVaWAp1REFNckdHYmdxTnFDRDJNcnVYbVdZM0Qxemh6a3dvaXlQOWc0WUYwR0U4Q0F3RUFBYU4zTUhVd0RnWURWUjBQCkFRSC9CQVFEQWdLRU1CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHcKSFFZRFZSME9CQllFRkZvMnpweGdqK051Tng4WGxHdDJCcWU3TUhERU1CNEdBMVVkRVFRWE1CV0NFMlJsWm1GMQpiSFF1WkdWbVlYVnNkQzV6ZG1Nd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFFY0NTWUR2QkxvTWZ0L1Z5Rk1zCmp0aWtJUmRPQlBuUFpFaFlsZU9iYjgwTmRIRUxSNEE2N1o0MzF0ZXBDQzZ1c1pDTE5zS3o4QnNrN2VtK0pCc2YKclZ2WWJGNkpjWnN5bjhMRXNKWWtLTHB4SHdzUGZNM3YrRUNFSXR3UjZEcVBqWHNIdnNlZk93cDN3ZkgrWjZrNQpmSHVNVitqaUpNa3BrQWdwMjlSUzhSdkpDbkpHay9BdWRNdzB6RWZqUlZOcU1FWUtBVXhFcVRVMWhvYWExV2xyCmxpMC9tQVVjbkdqK2JGcFl0S251REhFRGlwVjJSY1U4TmxtM1VydE1lMUJGTG5MRjEzbEtEZTUzYTF2aHZQcHcKS0dLczUyY3NPMWdFZlovUDlzbmJnZFMzNWpJZjVZMVFQSHp1Zkppd3U2VlpxTENPeVBXSkpnWXdxM0wwL203SgpYVG89Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["*"]
apiVersions: ["*"]
resources: ["CiliumEnvoyConfig"]