88 lines
1.7 KiB
YAML
88 lines
1.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: APP
|
|
namespace: NAMESPACE
|
|
labels:
|
|
app: APP
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: APP
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: APP
|
|
spec:
|
|
containers:
|
|
- name: APP
|
|
image: registry.yoshino-s.xyz/yoshino-s/cilium-envoy-hook:dev
|
|
imagePullPolicy: Always
|
|
args:
|
|
- server
|
|
- --tls-cert-file-path=/etc/webhook/certs/cert.pem
|
|
- --tls-key-file-path=/etc/webhook/certs/key.pem
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- name: webhook-certs
|
|
mountPath: /etc/webhook/certs
|
|
readOnly: true
|
|
volumes:
|
|
- name: webhook-certs
|
|
secret:
|
|
secretName: APP-certs
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: APP
|
|
namespace: NAMESPACE
|
|
labels:
|
|
app: APP
|
|
spec:
|
|
ports:
|
|
- name: http
|
|
port: 443
|
|
targetPort: 8080
|
|
- name: metrics
|
|
port: 8081
|
|
targetPort: 8081
|
|
selector:
|
|
app: APP
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
cert.pem: CA_BUNDLE
|
|
key.pem: KEY_PEM
|
|
kind: Secret
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: APP-certs
|
|
namespace: NAMESPACE
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
name: APP
|
|
labels:
|
|
app: APP
|
|
kind: mutator
|
|
webhooks:
|
|
- name: mutator.APP.io
|
|
admissionReviewVersions: ["v1"]
|
|
sideEffects: None
|
|
clientConfig:
|
|
service:
|
|
name: APP
|
|
namespace: NAMESPACE
|
|
path: /
|
|
caBundle: CA_BUNDLE
|
|
rules:
|
|
- operations: ["UPDATE", "CREATE"]
|
|
apiGroups: ["cilium.io"]
|
|
apiVersions: ["v2"]
|
|
resources: ["ciliumenvoyconfigs"] |