Merge "Add CAPD config v0.3.11"
This commit is contained in:
commit
14ae7e5129
24
manifests/function/capd/v0.3.11/certmanager/certificate.yaml
Normal file
24
manifests/function/capd/v0.3.11/certmanager/certificate.yaml
Normal file
@ -0,0 +1,24 @@
|
||||
# The following manifests contain a self-signed issuer CR and a certificate CR.
|
||||
# More document can be found at https://docs.cert-manager.io
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: selfsigned-issuer
|
||||
namespace: system
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1alpha2
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
|
||||
namespace: system
|
||||
spec:
|
||||
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
|
||||
dnsNames:
|
||||
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
|
||||
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
|
||||
issuerRef:
|
||||
kind: Issuer
|
||||
name: selfsigned-issuer
|
||||
secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
|
@ -0,0 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
resources:
|
||||
- certificate.yaml
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
@ -0,0 +1,19 @@
|
||||
# This configuration is for teaching kustomize how to update name ref and var substitution
|
||||
nameReference:
|
||||
- kind: Issuer
|
||||
group: cert-manager.io
|
||||
fieldSpecs:
|
||||
- kind: Certificate
|
||||
group: cert-manager.io
|
||||
path: spec/issuerRef/name
|
||||
|
||||
varReference:
|
||||
- kind: Certificate
|
||||
group: cert-manager.io
|
||||
path: spec/commonName
|
||||
- kind: Certificate
|
||||
group: cert-manager.io
|
||||
path: spec/dnsNames
|
||||
- kind: Certificate
|
||||
group: cert-manager.io
|
||||
path: spec/secretName
|
@ -0,0 +1,165 @@
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1-0.20201002000720-57250aac17f6
|
||||
creationTimestamp: null
|
||||
name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
group: exp.infrastructure.cluster.x-k8s.io
|
||||
names:
|
||||
categories:
|
||||
- cluster-api
|
||||
kind: DockerMachinePool
|
||||
listKind: DockerMachinePoolList
|
||||
plural: dockermachinepools
|
||||
singular: dockermachinepool
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha3
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DockerMachinePool is the Schema for the dockermachinepools API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DockerMachinePoolSpec defines the desired state of DockerMachinePool
|
||||
properties:
|
||||
providerID:
|
||||
description: ProviderID is the identification ID of the Machine Pool
|
||||
type: string
|
||||
providerIDList:
|
||||
description: ProviderIDList is the list of identification IDs of machine instances managed by this Machine Pool
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
template:
|
||||
description: Template contains the details used to build a replica machine within the Machine Pool
|
||||
properties:
|
||||
customImage:
|
||||
description: CustomImage allows customizing the container image that is used for running the machine
|
||||
type: string
|
||||
extraMounts:
|
||||
description: ExtraMounts describes additional mount points for the node container These may be used to bind a hostPath
|
||||
items:
|
||||
description: Mount specifies a host volume to mount into a container. This is a simplified version of kind v1alpha4.Mount types
|
||||
properties:
|
||||
containerPath:
|
||||
description: Path of the mount within the container.
|
||||
type: string
|
||||
hostPath:
|
||||
description: Path of the mount on the host. If the hostPath doesn't exist, then runtimes should report error. If the hostpath is a symbolic link, runtimes should follow the symlink and mount the real destination to container.
|
||||
type: string
|
||||
readOnly:
|
||||
description: If set, the mount is read-only.
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
preLoadImages:
|
||||
description: PreLoadImages allows to pre-load images in a newly created machine. This can be used to speed up tests by avoiding e.g. to download CNI images on all the containers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
description: DockerMachinePoolStatus defines the observed state of DockerMachinePool
|
||||
properties:
|
||||
conditions:
|
||||
description: Conditions defines current service state of the DockerMachinePool.
|
||||
items:
|
||||
description: Condition defines an observation of a Cluster API resource operational state.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about the transition. This field may be empty.
|
||||
type: string
|
||||
reason:
|
||||
description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
|
||||
type: string
|
||||
severity:
|
||||
description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of True, False, Unknown.
|
||||
type: string
|
||||
type:
|
||||
description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
instances:
|
||||
description: Instances contains the status for each instance in the pool
|
||||
items:
|
||||
properties:
|
||||
addresses:
|
||||
description: Addresses contains the associated addresses for the docker machine.
|
||||
items:
|
||||
description: MachineAddress contains information for the node's address.
|
||||
properties:
|
||||
address:
|
||||
description: The machine address.
|
||||
type: string
|
||||
type:
|
||||
description: Machine address type, one of Hostname, ExternalIP or InternalIP.
|
||||
type: string
|
||||
required:
|
||||
- address
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
bootstrapped:
|
||||
description: Bootstrapped is true when the kubeadm bootstrapping has been run against this machine
|
||||
type: boolean
|
||||
instanceName:
|
||||
description: InstanceName is the identification of the Machine Instance within the Machine Pool
|
||||
type: string
|
||||
providerID:
|
||||
description: ProviderID is the provider identification of the Machine Pool Instance
|
||||
type: string
|
||||
ready:
|
||||
description: Ready denotes that the machine (docker container) is ready
|
||||
type: boolean
|
||||
version:
|
||||
description: Version defines the Kubernetes version for the Machine Instance
|
||||
type: string
|
||||
type: object
|
||||
type: array
|
||||
observedGeneration:
|
||||
description: The generation observed by the deployment controller.
|
||||
format: int64
|
||||
type: integer
|
||||
ready:
|
||||
description: Ready denotes that the machine pool is ready
|
||||
type: boolean
|
||||
replicas:
|
||||
description: Replicas is the most recently observed number of replicas.
|
||||
format: int32
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,129 @@
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1-0.20201002000720-57250aac17f6
|
||||
creationTimestamp: null
|
||||
name: dockerclusters.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
names:
|
||||
categories:
|
||||
- cluster-api
|
||||
kind: DockerCluster
|
||||
listKind: DockerClusterList
|
||||
plural: dockerclusters
|
||||
singular: dockercluster
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha3
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DockerCluster is the Schema for the dockerclusters API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DockerClusterSpec defines the desired state of DockerCluster.
|
||||
properties:
|
||||
controlPlaneEndpoint:
|
||||
description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
|
||||
properties:
|
||||
host:
|
||||
description: Host is the hostname on which the API server is serving.
|
||||
type: string
|
||||
port:
|
||||
description: Port is the port on which the API server is serving.
|
||||
type: integer
|
||||
required:
|
||||
- host
|
||||
- port
|
||||
type: object
|
||||
failureDomains:
|
||||
additionalProperties:
|
||||
description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
|
||||
properties:
|
||||
attributes:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Attributes is a free form map of attributes an infrastructure provider might use or require.
|
||||
type: object
|
||||
controlPlane:
|
||||
description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
|
||||
type: boolean
|
||||
type: object
|
||||
description: FailureDomains are not usulaly defined on the spec. The docker provider is special since failure domains don't mean anything in a local docker environment. Instead, the docker cluster controller will simply copy these into the Status and allow the Cluster API controllers to do what they will with the defined failure domains.
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
description: DockerClusterStatus defines the observed state of DockerCluster.
|
||||
properties:
|
||||
conditions:
|
||||
description: Conditions defines current service state of the DockerCluster.
|
||||
items:
|
||||
description: Condition defines an observation of a Cluster API resource operational state.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about the transition. This field may be empty.
|
||||
type: string
|
||||
reason:
|
||||
description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
|
||||
type: string
|
||||
severity:
|
||||
description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of True, False, Unknown.
|
||||
type: string
|
||||
type:
|
||||
description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
failureDomains:
|
||||
additionalProperties:
|
||||
description: FailureDomainSpec is the Schema for Cluster API failure domains. It allows controllers to understand how many failure domains a cluster can optionally span across.
|
||||
properties:
|
||||
attributes:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Attributes is a free form map of attributes an infrastructure provider might use or require.
|
||||
type: object
|
||||
controlPlane:
|
||||
description: ControlPlane determines if this failure domain is suitable for use by control plane machines.
|
||||
type: boolean
|
||||
type: object
|
||||
description: FailureDomains don't mean much in CAPD since it's all local, but we can see how the rest of cluster API will use this if we populate it.
|
||||
type: object
|
||||
ready:
|
||||
description: Ready denotes that the docker cluster (infrastructure) is ready.
|
||||
type: boolean
|
||||
required:
|
||||
- ready
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,133 @@
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1-0.20201002000720-57250aac17f6
|
||||
creationTimestamp: null
|
||||
name: dockermachines.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
names:
|
||||
categories:
|
||||
- cluster-api
|
||||
kind: DockerMachine
|
||||
listKind: DockerMachineList
|
||||
plural: dockermachines
|
||||
singular: dockermachine
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha3
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DockerMachine is the Schema for the dockermachines API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DockerMachineSpec defines the desired state of DockerMachine
|
||||
properties:
|
||||
bootstrapped:
|
||||
description: Bootstrapped is true when the kubeadm bootstrapping has been run against this machine
|
||||
type: boolean
|
||||
customImage:
|
||||
description: CustomImage allows customizing the container image that is used for running the machine
|
||||
type: string
|
||||
extraMounts:
|
||||
description: ExtraMounts describes additional mount points for the node container These may be used to bind a hostPath
|
||||
items:
|
||||
description: Mount specifies a host volume to mount into a container. This is a simplified version of kind v1alpha4.Mount types
|
||||
properties:
|
||||
containerPath:
|
||||
description: Path of the mount within the container.
|
||||
type: string
|
||||
hostPath:
|
||||
description: Path of the mount on the host. If the hostPath doesn't exist, then runtimes should report error. If the hostpath is a symbolic link, runtimes should follow the symlink and mount the real destination to container.
|
||||
type: string
|
||||
readOnly:
|
||||
description: If set, the mount is read-only.
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
preLoadImages:
|
||||
description: PreLoadImages allows to pre-load images in a newly created machine. This can be used to speed up tests by avoiding e.g. to download CNI images on all the containers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
providerID:
|
||||
description: ProviderID will be the container name in ProviderID format (docker:////<containername>)
|
||||
type: string
|
||||
type: object
|
||||
status:
|
||||
description: DockerMachineStatus defines the observed state of DockerMachine
|
||||
properties:
|
||||
addresses:
|
||||
description: Addresses contains the associated addresses for the docker machine.
|
||||
items:
|
||||
description: MachineAddress contains information for the node's address.
|
||||
properties:
|
||||
address:
|
||||
description: The machine address.
|
||||
type: string
|
||||
type:
|
||||
description: Machine address type, one of Hostname, ExternalIP or InternalIP.
|
||||
type: string
|
||||
required:
|
||||
- address
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
conditions:
|
||||
description: Conditions defines current service state of the DockerMachine.
|
||||
items:
|
||||
description: Condition defines an observation of a Cluster API resource operational state.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about the transition. This field may be empty.
|
||||
type: string
|
||||
reason:
|
||||
description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.
|
||||
type: string
|
||||
severity:
|
||||
description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of True, False, Unknown.
|
||||
type: string
|
||||
type:
|
||||
description: Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
loadBalancerConfigured:
|
||||
description: LoadBalancerConfigured denotes that the machine has been added to the load balancer
|
||||
type: boolean
|
||||
ready:
|
||||
description: Ready denotes that the machine (docker container) is ready
|
||||
type: boolean
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,88 @@
|
||||
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.4.1-0.20201002000720-57250aac17f6
|
||||
creationTimestamp: null
|
||||
name: dockermachinetemplates.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
group: infrastructure.cluster.x-k8s.io
|
||||
names:
|
||||
categories:
|
||||
- cluster-api
|
||||
kind: DockerMachineTemplate
|
||||
listKind: DockerMachineTemplateList
|
||||
plural: dockermachinetemplates
|
||||
singular: dockermachinetemplate
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha3
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: DockerMachineTemplate is the Schema for the dockermachinetemplates API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: DockerMachineTemplateSpec defines the desired state of DockerMachineTemplate
|
||||
properties:
|
||||
template:
|
||||
description: DockerMachineTemplateResource describes the data needed to create a DockerMachine from a template
|
||||
properties:
|
||||
spec:
|
||||
description: Spec is the specification of the desired behavior of the machine.
|
||||
properties:
|
||||
bootstrapped:
|
||||
description: Bootstrapped is true when the kubeadm bootstrapping has been run against this machine
|
||||
type: boolean
|
||||
customImage:
|
||||
description: CustomImage allows customizing the container image that is used for running the machine
|
||||
type: string
|
||||
extraMounts:
|
||||
description: ExtraMounts describes additional mount points for the node container These may be used to bind a hostPath
|
||||
items:
|
||||
description: Mount specifies a host volume to mount into a container. This is a simplified version of kind v1alpha4.Mount types
|
||||
properties:
|
||||
containerPath:
|
||||
description: Path of the mount within the container.
|
||||
type: string
|
||||
hostPath:
|
||||
description: Path of the mount on the host. If the hostPath doesn't exist, then runtimes should report error. If the hostpath is a symbolic link, runtimes should follow the symlink and mount the real destination to container.
|
||||
type: string
|
||||
readOnly:
|
||||
description: If set, the mount is read-only.
|
||||
type: boolean
|
||||
type: object
|
||||
type: array
|
||||
preLoadImages:
|
||||
description: PreLoadImages allows to pre-load images in a newly created machine. This can be used to speed up tests by avoiding e.g. to download CNI images on all the containers.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
providerID:
|
||||
description: ProviderID will be the container name in ProviderID format (docker:////<containername>)
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
required:
|
||||
- template
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
31
manifests/function/capd/v0.3.11/crd/kustomization.yaml
Normal file
31
manifests/function/capd/v0.3.11/crd/kustomization.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
commonLabels:
|
||||
cluster.x-k8s.io/v1alpha3: v1alpha3
|
||||
|
||||
# This kustomization.yaml is not intended to be run by itself,
|
||||
# since it depends on service name and namespace that are out of this kustomize package.
|
||||
# It should be run by config/
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- bases/infrastructure.cluster.x-k8s.io_dockermachines.yaml
|
||||
- bases/infrastructure.cluster.x-k8s.io_dockerclusters.yaml
|
||||
- bases/infrastructure.cluster.x-k8s.io_dockermachinetemplates.yaml
|
||||
- bases/exp.infrastructure.cluster.x-k8s.io_dockermachinepools.yaml
|
||||
# +kubebuilder:scaffold:crdkustomizeresource
|
||||
|
||||
patchesStrategicMerge: []
|
||||
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
|
||||
# patches here are for enabling the conversion webhook for each CRD
|
||||
#- patches/webhook_in_dockermachines.yaml
|
||||
#- patches/webhook_in_dockerclusters.yaml
|
||||
# +kubebuilder:scaffold:crdkustomizewebhookpatch
|
||||
|
||||
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
|
||||
# patches here are for enabling the CA injection for each CRD
|
||||
#- patches/cainjection_in_dockermachines.yaml
|
||||
#- patches/cainjection_in_dockerclusters.yaml
|
||||
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
|
||||
|
||||
# the following config is for teaching kustomize how to do kustomization for CRDs.
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
17
manifests/function/capd/v0.3.11/crd/kustomizeconfig.yaml
Normal file
17
manifests/function/capd/v0.3.11/crd/kustomizeconfig.yaml
Normal file
@ -0,0 +1,17 @@
|
||||
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
|
||||
nameReference:
|
||||
- kind: Service
|
||||
version: v1
|
||||
fieldSpecs:
|
||||
- kind: CustomResourceDefinition
|
||||
group: apiextensions.k8s.io
|
||||
path: spec/conversion/webhook/clientConfig/service/name
|
||||
|
||||
namespace:
|
||||
- kind: CustomResourceDefinition
|
||||
group: apiextensions.k8s.io
|
||||
path: spec/conversion/webhook/clientConfig/service/namespace
|
||||
create: false
|
||||
|
||||
varReference:
|
||||
- path: metadata/annotations
|
@ -0,0 +1,8 @@
|
||||
# The following patch adds a directive for certmanager to inject CA into the CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
|
||||
name: dockerclusters.infrastructure.cluster.x-k8s.io
|
@ -0,0 +1,8 @@
|
||||
# The following patch adds a directive for certmanager to inject CA into the CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
|
||||
name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io
|
@ -0,0 +1,8 @@
|
||||
# The following patch adds a directive for certmanager to inject CA into the CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
|
||||
name: dockermachines.infrastructure.cluster.x-k8s.io
|
@ -0,0 +1,19 @@
|
||||
# The following patch enables conversion webhook for CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: dockerclusters.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
conversion:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
conversionReviewVersions: ["v1", "v1beta1"]
|
||||
clientConfig:
|
||||
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
|
||||
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
|
||||
caBundle: Cg==
|
||||
service:
|
||||
namespace: system
|
||||
name: webhook-service
|
||||
path: /convert
|
@ -0,0 +1,19 @@
|
||||
# The following patch enables conversion webhook for CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: dockermachinepools.exp.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
conversion:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
conversionReviewVersions: ["v1", "v1beta1"]
|
||||
clientConfig:
|
||||
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
|
||||
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
|
||||
caBundle: Cg==
|
||||
service:
|
||||
namespace: system
|
||||
name: webhook-service
|
||||
path: /convert
|
@ -0,0 +1,19 @@
|
||||
# The following patch enables conversion webhook for CRD
|
||||
# CRD conversion requires k8s 1.13 or later.
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: dockermachines.infrastructure.cluster.x-k8s.io
|
||||
spec:
|
||||
conversion:
|
||||
strategy: Webhook
|
||||
webhook:
|
||||
conversionReviewVersions: ["v1", "v1beta1"]
|
||||
clientConfig:
|
||||
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
|
||||
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
|
||||
caBundle: Cg==
|
||||
service:
|
||||
namespace: system
|
||||
name: webhook-service
|
||||
path: /convert
|
@ -0,0 +1,9 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: capd-system
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
|
||||
bases:
|
||||
- ../rbac
|
6
manifests/function/capd/v0.3.11/default/namespace.yaml
Normal file
6
manifests/function/capd/v0.3.11/default/namespace.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
control-plane: controller-manager
|
||||
name: system
|
9
manifests/function/capd/v0.3.11/kustomization.yaml
Normal file
9
manifests/function/capd/v0.3.11/kustomization.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
namePrefix: capd-
|
||||
|
||||
commonLabels:
|
||||
cluster.x-k8s.io/provider: "infrastructure-docker"
|
||||
|
||||
resources:
|
||||
- crd
|
||||
- default
|
||||
- webhook
|
@ -0,0 +1,8 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- manager.yaml
|
||||
|
||||
patchesStrategicMerge:
|
||||
- manager_image_patch.yaml
|
||||
- manager_auth_proxy_patch.yaml
|
47
manifests/function/capd/v0.3.11/manager/manager.yaml
Normal file
47
manifests/function/capd/v0.3.11/manager/manager.yaml
Normal file
@ -0,0 +1,47 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
labels:
|
||||
control-plane: controller-manager
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
control-plane: controller-manager
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
control-plane: controller-manager
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --enable-leader-election
|
||||
image: controller:latest
|
||||
name: manager
|
||||
ports:
|
||||
- containerPort: 9440
|
||||
name: healthz
|
||||
protocol: TCP
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: healthz
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/docker.sock
|
||||
name: dockersock
|
||||
securityContext:
|
||||
privileged: true
|
||||
terminationGracePeriodSeconds: 10
|
||||
tolerations:
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/master
|
||||
volumes:
|
||||
- name: dockersock
|
||||
hostPath:
|
||||
path: /var/run/docker.sock
|
@ -0,0 +1,26 @@
|
||||
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
|
||||
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: kube-rbac-proxy
|
||||
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
|
||||
args:
|
||||
- "--secure-listen-address=0.0.0.0:8443"
|
||||
- "--upstream=http://127.0.0.1:8080/"
|
||||
- "--logtostderr=true"
|
||||
- "--v=10"
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
name: https
|
||||
- name: manager
|
||||
args:
|
||||
- "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false}"
|
||||
- "--metrics-addr=0"
|
||||
- "-v=4"
|
@ -0,0 +1,12 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
# Change the value of image field below to your controller image URL
|
||||
- image: gcr.io/k8s-staging-cluster-api/capd-manager:master
|
||||
name: manager
|
@ -0,0 +1,19 @@
|
||||
# This patch enables Prometheus scraping for the manager pod.
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/scrape: 'true'
|
||||
spec:
|
||||
containers:
|
||||
# Expose the prometheus metrics on default port
|
||||
- name: manager
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: metrics
|
||||
protocol: TCP
|
@ -0,0 +1,11 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: manager
|
||||
imagePullPolicy: Always
|
13
manifests/function/capd/v0.3.11/rbac/auth_proxy_role.yaml
Normal file
13
manifests/function/capd/v0.3.11/rbac/auth_proxy_role.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: proxy-role
|
||||
rules:
|
||||
- apiGroups: ["authentication.k8s.io"]
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs: ["create"]
|
||||
- apiGroups: ["authorization.k8s.io"]
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs: ["create"]
|
@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: proxy-rolebinding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: proxy-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: system
|
18
manifests/function/capd/v0.3.11/rbac/auth_proxy_service.yaml
Normal file
18
manifests/function/capd/v0.3.11/rbac/auth_proxy_service.yaml
Normal file
@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/port: "8443"
|
||||
prometheus.io/scheme: https
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
control-plane: controller-manager
|
||||
name: controller-manager-metrics-service
|
||||
namespace: system
|
||||
spec:
|
||||
ports:
|
||||
- name: https
|
||||
port: 8443
|
||||
targetPort: https
|
||||
selector:
|
||||
control-plane: controller-manager
|
13
manifests/function/capd/v0.3.11/rbac/kustomization.yaml
Normal file
13
manifests/function/capd/v0.3.11/rbac/kustomization.yaml
Normal file
@ -0,0 +1,13 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- role.yaml
|
||||
- role_binding.yaml
|
||||
- leader_election_role.yaml
|
||||
- leader_election_role_binding.yaml
|
||||
# Comment the following 3 lines if you want to disable
|
||||
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
|
||||
# which protects your /metrics endpoint.
|
||||
- auth_proxy_service.yaml
|
||||
- auth_proxy_role.yaml
|
||||
- auth_proxy_role_binding.yaml
|
@ -0,0 +1,44 @@
|
||||
# permissions to do leader election.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: leader-election-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps/status
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- "coordination.k8s.io"
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: leader-election-rolebinding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: leader-election-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: system
|
85
manifests/function/capd/v0.3.11/rbac/role.yaml
Normal file
85
manifests/function/capd/v0.3.11/rbac/role.yaml
Normal file
@ -0,0 +1,85 @@
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: manager-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- cluster.x-k8s.io
|
||||
resources:
|
||||
- clusters
|
||||
- machines
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- exp.cluster.x-k8s.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- exp.infrastructure.cluster.x-k8s.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- infrastructure.cluster.x-k8s.io
|
||||
resources:
|
||||
- dockerclusters
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- infrastructure.cluster.x-k8s.io
|
||||
resources:
|
||||
- dockerclusters/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- infrastructure.cluster.x-k8s.io
|
||||
resources:
|
||||
- dockermachines
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- infrastructure.cluster.x-k8s.io
|
||||
resources:
|
||||
- dockermachines/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
12
manifests/function/capd/v0.3.11/rbac/role_binding.yaml
Normal file
12
manifests/function/capd/v0.3.11/rbac/role_binding.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: manager-rolebinding
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: manager-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: system
|
45
manifests/function/capd/v0.3.11/webhook/kustomization.yaml
Normal file
45
manifests/function/capd/v0.3.11/webhook/kustomization.yaml
Normal file
@ -0,0 +1,45 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: capd-system
|
||||
|
||||
resources:
|
||||
- manifests.yaml
|
||||
- service.yaml
|
||||
- ../certmanager
|
||||
- ../manager
|
||||
|
||||
patchesStrategicMerge:
|
||||
- manager_webhook_patch.yaml
|
||||
- webhookcainjection_patch.yaml
|
||||
|
||||
configurations:
|
||||
- kustomizeconfig.yaml
|
||||
|
||||
vars:
|
||||
- name: SERVICE_NAMESPACE # namespace of the service
|
||||
objref:
|
||||
kind: Service
|
||||
version: v1
|
||||
name: webhook-service
|
||||
fieldref:
|
||||
fieldpath: metadata.namespace
|
||||
- name: SERVICE_NAME
|
||||
objref:
|
||||
kind: Service
|
||||
version: v1
|
||||
name: webhook-service
|
||||
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
|
||||
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
|
||||
objref:
|
||||
kind: Certificate
|
||||
group: cert-manager.io
|
||||
version: v1alpha2
|
||||
name: serving-cert # this name should match the one in certificate.yaml
|
||||
fieldref:
|
||||
fieldpath: metadata.namespace
|
||||
- name: CERTIFICATE_NAME
|
||||
objref:
|
||||
kind: Certificate
|
||||
group: cert-manager.io
|
||||
version: v1alpha2
|
||||
name: serving-cert # this name should match the one in certificate.yaml
|
20
manifests/function/capd/v0.3.11/webhook/kustomizeconfig.yaml
Normal file
20
manifests/function/capd/v0.3.11/webhook/kustomizeconfig.yaml
Normal file
@ -0,0 +1,20 @@
|
||||
# the following config is for teaching kustomize where to look at when substituting vars.
|
||||
# It requires kustomize v2.1.0 or newer to work properly.
|
||||
nameReference:
|
||||
- kind: Service
|
||||
version: v1
|
||||
fieldSpecs:
|
||||
- kind: ValidatingWebhookConfiguration
|
||||
group: admissionregistration.k8s.io
|
||||
path: webhooks/clientConfig/service/name
|
||||
|
||||
namespace:
|
||||
- kind: ValidatingWebhookConfiguration
|
||||
group: admissionregistration.k8s.io
|
||||
path: webhooks/clientConfig/service/namespace
|
||||
create: true
|
||||
|
||||
varReference:
|
||||
- path: metadata/annotations
|
||||
- kind: Deployment
|
||||
path: spec/template/spec/volumes/secret/secretName
|
@ -0,0 +1,24 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: controller-manager
|
||||
namespace: system
|
||||
spec:
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: manager
|
||||
ports:
|
||||
- containerPort: 9443
|
||||
name: webhook-server
|
||||
protocol: TCP
|
||||
volumeMounts:
|
||||
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||
name: cert
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: cert
|
||||
secret:
|
||||
defaultMode: 420
|
||||
secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
|
||||
|
30
manifests/function/capd/v0.3.11/webhook/manifests.yaml
Normal file
30
manifests/function/capd/v0.3.11/webhook/manifests.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
|
||||
---
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: validating-webhook-configuration
|
||||
webhooks:
|
||||
- admissionReviewVersions:
|
||||
- v1beta1
|
||||
clientConfig:
|
||||
caBundle: Cg==
|
||||
service:
|
||||
name: webhook-service
|
||||
namespace: system
|
||||
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-dockermachinetemplate
|
||||
failurePolicy: Fail
|
||||
matchPolicy: Equivalent
|
||||
name: validation.dockermachinetemplate.infrastructure.cluster.x-k8s.io
|
||||
rules:
|
||||
- apiGroups:
|
||||
- infrastructure.cluster.x-k8s.io
|
||||
apiVersions:
|
||||
- v1alpha3
|
||||
operations:
|
||||
- CREATE
|
||||
- UPDATE
|
||||
resources:
|
||||
- dockermachinetemplates
|
||||
sideEffects: None
|
12
manifests/function/capd/v0.3.11/webhook/service.yaml
Normal file
12
manifests/function/capd/v0.3.11/webhook/service.yaml
Normal file
@ -0,0 +1,12 @@
|
||||
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: webhook-service
|
||||
namespace: system
|
||||
spec:
|
||||
ports:
|
||||
- port: 443
|
||||
targetPort: 9443
|
||||
selector:
|
||||
control-plane: controller-manager
|
@ -0,0 +1,8 @@
|
||||
# This patch add annotation to admission webhook config and
|
||||
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
|
||||
apiVersion: admissionregistration.k8s.io/v1
|
||||
kind: ValidatingWebhookConfiguration
|
||||
metadata:
|
||||
name: validating-webhook-configuration
|
||||
annotations:
|
||||
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
|
Loading…
Reference in New Issue
Block a user