chore: format using Make (#111)

Kevin Goslar
2022-09-22 07:52:52 -05:00
committed by GitHub
parent c5a66aa6eb
commit 5795340e0e
38 changed files with 593 additions and 424 deletions


@ -11,13 +11,13 @@ spec:
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICENAME) and $(NAMESPACE) will be substituted by kustomize
commonName: $(SERVICENAME).$(NAMESPACE).svc
dnsNames:
- $(SERVICENAME).$(NAMESPACE).svc.cluster.local
- $(SERVICENAME).$(NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer


@ -1,26 +1,26 @@
resources:
- certificate.yaml
- certificate.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
- name: NAMESPACE # namespace of the service and the certificate CR
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICENAME
objref:
kind: Service
version: v1
name: webhook-service
- name: NAMESPACE # namespace of the service and the certificate CR
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICENAME
objref:
kind: Service
version: v1
name: webhook-service
configurations:
- kustomizeconfig.yaml
- kustomizeconfig.yaml


@ -1,16 +1,16 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: certmanager.k8s.io
fieldSpecs:
- kind: Certificate
- kind: Issuer
group: certmanager.k8s.io
path: spec/issuerRef/name
fieldSpecs:
- kind: Certificate
group: certmanager.k8s.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: certmanager.k8s.io
path: spec/commonName
- kind: Certificate
group: certmanager.k8s.io
path: spec/dnsNames
- kind: Certificate
group: certmanager.k8s.io
path: spec/commonName
- kind: Certificate
group: certmanager.k8s.io
path: spec/dnsNames


@ -1,4 +1,3 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@ -16,158 +15,217 @@ spec:
singular: oauth2client
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OAuth2Client is the Schema for the oauth2clients API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: OAuth2ClientSpec defines the desired state of OAuth2Client
properties:
allowedCorsOrigins:
description: AllowedCorsOrigins is an array of allowed CORS origins
items:
description: RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
audience:
description: Audience is a whitelist defining the audiences this client is allowed to request tokens for
items:
type: string
type: array
clientName:
description: ClientName is the human-readable string name of the client to be presented to the end-user during authorization.
type: string
grantTypes:
description: GrantTypes is an array of grant types the client is allowed to use.
items:
description: GrantType represents an OAuth 2.0 grant type
enum:
- client_credentials
- authorization_code
- implicit
- refresh_token
type: string
maxItems: 4
minItems: 1
type: array
hydraAdmin:
description: HydraAdmin is the optional configuration to use for managing this client
properties:
endpoint:
description: Endpoint is the endpoint for the hydra instance on which to set up the client. This value will override the value provided to `--endpoint` (defaults to `"/clients"` in the application)
pattern: (^$|^/.*)
type: string
forwardedProto:
description: ForwardedProto overrides the `--forwarded-proto` flag. The value "off" will force this to be off even if `--forwarded-proto` is specified
pattern: (^$|https?|off)
type: string
port:
description: Port is the port for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-port`
maximum: 65535
type: integer
url:
description: URL is the URL for the hydra instance on which to set up the client. This value will override the value provided to `--hydra-url`
maxLength: 64
pattern: (^$|^https?://.*)
type: string
type: object
metadata:
description: Metadata is abritrary data
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
postLogoutRedirectUris:
description: PostLogoutRedirectURIs is an array of the post logout redirect URIs allowed for the application
items:
description: RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
redirectUris:
description: RedirectURIs is an array of the redirect URIs allowed for the application
items:
description: RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
responseTypes:
description: ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
items:
description: ResponseType represents an OAuth 2.0 response type strings
enum:
- id_token
- code
- token
- code token
- code id_token
- id_token token
- code id_token token
type: string
maxItems: 3
minItems: 1
type: array
scope:
description: Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
pattern: ([a-zA-Z0-9\.\*]+\s?)+
type: string
secretName:
description: SecretName points to the K8s secret that contains this client's ID and password
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
type: string
tokenEndpointAuthMethod:
allOf:
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
description: Indication which authentication method shoud be used for the token endpoint
type: string
required:
- grantTypes
- scope
- secretName
type: object
status:
description: OAuth2ClientStatus defines the observed state of OAuth2Client
properties:
observedGeneration:
description: ObservedGeneration represents the most recent generation observed by the daemon set controller.
format: int64
type: integer
reconciliationError:
description: ReconciliationError represents an error that occurred during the reconciliation process
properties:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OAuth2Client is the Schema for the oauth2clients API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the
latest internal value, and may reject unrecognized values. More
info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase.
More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description:
OAuth2ClientSpec defines the desired state of OAuth2Client
properties:
allowedCorsOrigins:
description:
description: Description is the description of the reconciliation error
AllowedCorsOrigins is an array of allowed CORS origins
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
statusCode:
description: Code is the status code of the reconciliation error
type: array
audience:
description:
Audience is a whitelist defining the audiences this client
is allowed to request tokens for
items:
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
type: array
clientName:
description:
ClientName is the human-readable string name of the client
to be presented to the end-user during authorization.
type: string
grantTypes:
description:
GrantTypes is an array of grant types the client is allowed
to use.
items:
description: GrantType represents an OAuth 2.0 grant type
enum:
- client_credentials
- authorization_code
- implicit
- refresh_token
type: string
maxItems: 4
minItems: 1
type: array
hydraAdmin:
description:
HydraAdmin is the optional configuration to use for managing
this client
properties:
endpoint:
description:
Endpoint is the endpoint for the hydra instance on which
to set up the client. This value will override the value
provided to `--endpoint` (defaults to `"/clients"` in
the application)
pattern: (^$|^/.*)
type: string
forwardedProto:
description:
ForwardedProto overrides the `--forwarded-proto` flag.
The value "off" will force this to be off even if
`--forwarded-proto` is specified
pattern: (^$|https?|off)
type: string
port:
description:
Port is the port for the hydra instance on which to set
up the client. This value will override the value
provided to `--hydra-port`
maximum: 65535
type: integer
url:
description:
URL is the URL for the hydra instance on which to set up
the client. This value will override the value provided
to `--hydra-url`
maxLength: 64
pattern: (^$|^https?://.*)
type: string
type: object
metadata:
description: Metadata is abritrary data
nullable: true
type: object
x-kubernetes-preserve-unknown-fields: true
postLogoutRedirectUris:
description:
PostLogoutRedirectURIs is an array of the post logout
redirect URIs allowed for the application
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
redirectUris:
description:
RedirectURIs is an array of the redirect URIs allowed for
the application
items:
description:
RedirectURI represents a redirect URI for the client
pattern: \w+:/?/?[^\s]+
type: string
type: array
responseTypes:
description:
ResponseTypes is an array of the OAuth 2.0 response type
strings that the client can use at the authorization
endpoint.
items:
description:
ResponseType represents an OAuth 2.0 response type strings
enum:
- id_token
- code
- token
- code token
- code id_token
- id_token token
- code id_token token
type: string
maxItems: 3
minItems: 1
type: array
scope:
description:
Scope is a string containing a space-separated list of scope
values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
that the client can use when requesting access tokens.
pattern: ([a-zA-Z0-9\.\*]+\s?)+
type: string
secretName:
description:
SecretName points to the K8s secret that contains this
client's ID and password
maxLength: 253
minLength: 1
pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*'
type: string
tokenEndpointAuthMethod:
allOf:
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
- enum:
- client_secret_basic
- client_secret_post
- private_key_jwt
- none
description:
Indication which authentication method shoud be used for the
token endpoint
type: string
required:
- grantTypes
- scope
- secretName
type: object
status:
description:
OAuth2ClientStatus defines the observed state of OAuth2Client
properties:
observedGeneration:
description:
ObservedGeneration represents the most recent generation
observed by the daemon set controller.
format: int64
type: integer
reconciliationError:
description:
ReconciliationError represents an error that occurred during
the reconciliation process
properties:
description:
description:
Description is the description of the reconciliation
error
type: string
statusCode:
description:
Code is the status code of the reconciliation error
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""


@ -2,7 +2,7 @@
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
resources:
- bases/hydra.ory.sh_oauth2clients.yaml
- bases/hydra.ory.sh_oauth2clients.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patches:
@ -16,4 +16,4 @@ patches:
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml
- kustomizeconfig.yaml


@ -1,17 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhookClientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations
- path: metadata/annotations


@ -13,25 +13,25 @@ namePrefix: hydra-maester-
# someName: someValue
bases:
- ../crd
- ../rbac
- ../manager
- ../crd
- ../rbac
- ../manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml
#- ../webhook
# [CERTMANAGER] To enable cert-manager, uncomment next line. 'WEBHOOK' components are required.
#- ../certmanager
patches:
- manager_image_patch.yaml
# Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_image_patch.yaml
# Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml


@ -9,16 +9,16 @@ spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"


@ -7,7 +7,7 @@ spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: controller:latest
name: manager
imagePullPolicy: IfNotPresent
# Change the value of image field below to your controller image URL
- image: controller:latest
name: manager
imagePullPolicy: IfNotPresent


@ -8,12 +8,12 @@ spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
prometheus.io/scrape: "true"
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP


@ -7,17 +7,17 @@ spec:
template:
spec:
containers:
- name: manager
ports:
- containerPort: 443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- name: manager
ports:
- containerPort: 443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert


@ -1,5 +1,5 @@
# This patch add annotation to admission webhook config and
# the variables $(NAMESPACE) and $(CERTIFICATENAME) will be substituted by kustomize.
# the variables $(NAMESPACE) and $(CERTIFICATENAME) will be substituted by kustomize.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:


@ -1,2 +1,2 @@
resources:
- manager.yaml
- manager.yaml


@ -23,18 +23,18 @@ spec:
control-plane: controller-manager
spec:
containers:
- command:
- /manager
args:
- --enable-leader-election
- --hydra-url=http://use.actual.hydra.fqdn #change it to your ORY Hydra address
image: controller:latest
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
- command:
- /manager
args:
- --enable-leader-election
- --hydra-url=http://use.actual.hydra.fqdn #change it to your ORY Hydra address
image: controller:latest
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
terminationGracePeriodSeconds: 10


@ -3,11 +3,11 @@ kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@ -7,6 +7,6 @@ roleRef:
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
- kind: ServiceAccount
name: default
namespace: system


@ -11,8 +11,8 @@ metadata:
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager


@ -1,11 +1,11 @@
resources:
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- role.yaml
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
# Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml


@ -4,23 +4,23 @@ kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch


@ -7,6 +7,6 @@ roleRef:
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
- kind: ServiceAccount
name: default
namespace: system


@ -1,4 +1,3 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@ -6,35 +5,35 @@ metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- hydra.ory.sh
resources:
- oauth2clients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- hydra.ory.sh
resources:
- oauth2clients/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- hydra.ory.sh
resources:
- oauth2clients
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- hydra.ory.sh
resources:
- oauth2clients/status
verbs:
- get
- patch
- update


@ -7,6 +7,6 @@ roleRef:
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
- kind: ServiceAccount
name: default
namespace: system


@ -36,4 +36,3 @@ spec:
endpoint: /clients
forwardedProto: https
tokenEndpointAuthMethod: client_secret_basic


@ -1,6 +1,6 @@
resources:
- manifests.yaml
- service.yaml
- manifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml
- kustomizeconfig.yaml


@ -1,25 +1,25 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations
- path: metadata/annotations


@ -1,4 +1,3 @@
apiVersion: v1
kind: Service
metadata: