Add CAPI Metal3 prodvider

Version 0.3.1 has been used as the basis for this functionality

Closes: #161
Change-Id: I7c15fdff0a0cb2ba90295d0a403f737ee4398deb
Dmitry Ukov 2020-04-10 13:03:45 +04:00
parent 992efae971
commit 5cf6528dee
40 changed files with 1737 additions and 0 deletions


@ -0,0 +1,24 @@
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: selfsigned-issuer
namespace: system
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
namespace: system
spec:
# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
dnsNames:
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed, since it's not managed by kustomize
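Review bot: The Issuer and Certificate pin `apiVersion: cert-manager.io/v1alpha2` without any statement of which cert-manager release the deployment expects; that API group version was later dropped by cert-manager, so someone upgrading cert-manager will get an unexplained apply failure from these two documents. Since this webhook serving certificate is what the apiserver ends up trusting for CRD conversion (via the CA-injection patches in this commit), a broken Certificate means conversion stops working rather than silently degrading. I'd add a comment above the first `apiVersion` line such as `# Requires a cert-manager release that still serves cert-manager.io/v1alpha2 (the version CAPM3 0.3.1 was built against)`.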


@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- certificate.yaml
configurations:
- kustomizeconfig.yaml


@ -0,0 +1,19 @@
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
group: cert-manager.io
fieldSpecs:
- kind: Certificate
group: cert-manager.io
path: spec/issuerRef/name
varReference:
- kind: Certificate
group: cert-manager.io
path: spec/commonName
- kind: Certificate
group: cert-manager.io
path: spec/dnsNames
- kind: Certificate
group: cert-manager.io
path: spec/secretName


@ -0,0 +1,225 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.8
creationTimestamp: null
name: metal3clusters.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: Metal3Cluster
listKind: Metal3ClusterList
plural: metal3clusters
shortNames:
- m3c
- m3cluster
singular: metal3cluster
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: metal3Cluster is Ready
jsonPath: .status.ready
name: Ready
type: string
- description: Most recent error
jsonPath: .status.errorReason
name: Error
type: string
- description: API endpoints
jsonPath: .status.apiEndpoints
name: APIEndpoints
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: Metal3Cluster is the Schema for the metal3clusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3ClusterSpec defines the desired state of Metal3Cluster.
properties:
apiEndpoint:
type: string
noCloudProvider:
type: boolean
required:
- apiEndpoint
type: object
status:
description: Metal3ClusterStatus defines the observed state of Metal3Cluster.
properties:
apiEndpoints:
description: APIEndpoints represents the endpoints to communicate
with the control plane.
items:
description: APIEndpoint represents a reachable Kubernetes API endpoint.
properties:
host:
description: Host is the hostname on which the API server is
serving.
type: string
port:
description: Port is the port on which the API server is serving.
type: integer
required:
- host
- port
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the metal3machine and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the metal3machine's spec or the configuration of the
controller, and that manual intervention is required. Examples of
terminal errors would be invalid combinations of settings in the
spec, values that are unsupported by the controller, or the responsible
controller itself being critically misconfigured. \n Any transient
errors that occur during the reconciliation of Machines can be added
as events to the metal3machine object and/or logged in the controller's
output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the metal3machine and will contain
a succinct value suitable for machine interpretation. \n This field
should not be set for transitive errors that a controller faces
that are expected to be fixed automatically over time (like service
outages), but instead indicate that something is fundamentally wrong
with the metal3machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of Machines can be added as events
to the metal3machine object and/or logged in the controller's output."
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
ready:
description: Ready denotes that the Metal3 cluster (infrastructure)
is ready. In Baremetal case, it does not mean anything for now as
no infrastructure steps need to be performed. Required by Cluster
API. Set to True by the metal3Cluster controller after creation.
type: boolean
required:
- ready
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: metal3Cluster is Ready
jsonPath: .status.ready
name: Ready
type: string
- description: Most recent error
jsonPath: .status.failureReason
name: Error
type: string
- description: Cluster to which this BMCluster belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
type: string
- description: Control plane endpoint
jsonPath: .spec.controlPlaneEndpoint
name: Endpoint
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: Metal3Cluster is the Schema for the metal3clusters API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3ClusterSpec defines the desired state of Metal3Cluster.
properties:
controlPlaneEndpoint:
description: ControlPlaneEndpoint represents the endpoint used to
communicate with the control plane.
properties:
host:
description: Host is the hostname on which the API server is serving.
type: string
port:
description: Port is the port on which the API server is serving.
type: integer
required:
- host
- port
type: object
noCloudProvider:
type: boolean
required:
- controlPlaneEndpoint
type: object
status:
description: Metal3ClusterStatus defines the observed state of Metal3Cluster.
properties:
failureMessage:
description: FailureMessage indicates that there is a fatal problem
reconciling the state, and will be set to a descriptive error message.
type: string
failureReason:
description: FailureReason indicates that there is a fatal problem
reconciling the state, and will be set to a token value suitable
for programmatic interpretation.
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
ready:
description: Ready denotes that the Metal3 cluster (infrastructure)
is ready. In Baremetal case, it does not mean anything for now as
no infrastructure steps need to be performed. Required by Cluster
API. Set to True by the metal3Cluster controller after creation.
type: boolean
required:
- ready
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,388 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.8
creationTimestamp: null
name: metal3machines.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: Metal3Machine
listKind: Metal3MachineList
plural: metal3machines
shortNames:
- m3m
- m3machine
singular: metal3machine
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Provider ID
jsonPath: .spec.providerID
name: ProviderID
type: string
- description: Machines current phase
jsonPath: .status.phase
name: Phase
type: string
- description: metal3machine is Ready
jsonPath: .status.ready
name: Ready
type: string
- description: Most recent error
jsonPath: .status.errorReason
name: Error
type: string
name: v1alpha2
schema:
openAPIV3Schema:
description: Metal3Machine is the Schema for the metal3machines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3MachineSpec defines the desired state of Metal3Machine
properties:
hostSelector:
description: HostSelector specifies matching criteria for labels on
BareMetalHosts. This is used to limit the set of BareMetalHost objects
considered for claiming for a metal3machine.
properties:
matchExpressions:
description: Label match expressions that must be true on a chosen
BareMetalHost
items:
description: HostSelectorRequirement struct
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist on a chosen
BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the Metal3 machine in ProviderID format
(baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user data needed
by the bare metal operator. The Namespace is optional; it will default
to the metal3machine's namespace if not specified.
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- image
type: object
status:
description: Metal3MachineStatus defines the observed state of Metal3Machine
properties:
addresses:
description: Addresses is a list of addresses assigned to the machine.
This field is copied from the infrastructure provider reference.
items:
description: MachineAddress contains information for the node's
address.
properties:
address:
description: The machine address.
type: string
type:
description: Machine address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
errorMessage:
description: "ErrorMessage will be set in the event that there is
a terminal problem reconciling the metal3machine and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the metal3machine's spec or the configuration of the
controller, and that manual intervention is required. Examples of
terminal errors would be invalid combinations of settings in the
spec, values that are unsupported by the controller, or the responsible
controller itself being critically misconfigured. \n Any transient
errors that occur during the reconciliation of metal3machines can
be added as events to the metal3machine object and/or logged in
the controller's output."
type: string
errorReason:
description: "ErrorReason will be set in the event that there is a
terminal problem reconciling the metal3machine and will contain
a succinct value suitable for machine interpretation. \n This field
should not be set for transitive errors that a controller faces
that are expected to be fixed automatically over time (like service
outages), but instead indicate that something is fundamentally wrong
with the metal3machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of metal3machines can be added as
events to the metal3machine object and/or logged in the controller's
output."
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
phase:
description: Phase represents the current phase of machine actuation.
E.g. Pending, Running, Terminating, Failed etc.
type: string
ready:
description: 'Ready is the state of the metal3. TODO : Document the
variable : mhrivnak: " it would be good to document what this means,
how to interpret it, under what circumstances the value changes,
etc."'
type: boolean
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- description: Provider ID
jsonPath: .spec.providerID
name: ProviderID
type: string
- description: metal3machine is Ready
jsonPath: .status.ready
name: Ready
type: string
- description: Cluster to which this BMMachine belongs
jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
name: Cluster
type: string
- description: metal3machine current phase
jsonPath: .status.phase
name: Phase
type: string
name: v1alpha3
schema:
openAPIV3Schema:
description: Metal3Machine is the Schema for the metal3machines API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3MachineSpec defines the desired state of Metal3Machine
properties:
hostSelector:
description: HostSelector specifies matching criteria for labels on
BareMetalHosts. This is used to limit the set of BareMetalHost objects
considered for claiming for a metal3machine.
properties:
matchExpressions:
description: Label match expressions that must be true on a chosen
BareMetalHost
items:
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist on a chosen
BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the Metal3 machine in ProviderID format
(baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user data needed
by the bare metal operator. The Namespace is optional; it will default
to the metal3machine's namespace if not specified.
properties:
name:
description: Name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: Namespace defines the space within which the secret
name must be unique.
type: string
type: object
required:
- image
type: object
status:
description: Metal3MachineStatus defines the observed state of Metal3Machine
properties:
addresses:
description: Addresses is a list of addresses assigned to the machine.
This field is copied from the infrastructure provider reference.
items:
description: MachineAddress contains information for the node's
address.
properties:
address:
description: The machine address.
type: string
type:
description: Machine address type, one of Hostname, ExternalIP
or InternalIP.
type: string
required:
- address
- type
type: object
type: array
failureMessage:
description: "FailureMessage will be set in the event that there is
a terminal problem reconciling the metal3machine and will contain
a more verbose string suitable for logging and human consumption.
\n This field should not be set for transitive errors that a controller
faces that are expected to be fixed automatically over time (like
service outages), but instead indicate that something is fundamentally
wrong with the metal3machine's spec or the configuration of the
controller, and that manual intervention is required. Examples of
terminal errors would be invalid combinations of settings in the
spec, values that are unsupported by the controller, or the responsible
controller itself being critically misconfigured. \n Any transient
errors that occur during the reconciliation of metal3machines can
be added as events to the metal3machine object and/or logged in
the controller's output."
type: string
failureReason:
description: "FailureReason will be set in the event that there is
a terminal problem reconciling the metal3machine and will contain
a succinct value suitable for machine interpretation. \n This field
should not be set for transitive errors that a controller faces
that are expected to be fixed automatically over time (like service
outages), but instead indicate that something is fundamentally wrong
with the metal3machine's spec or the configuration of the controller,
and that manual intervention is required. Examples of terminal errors
would be invalid combinations of settings in the spec, values that
are unsupported by the controller, or the responsible controller
itself being critically misconfigured. \n Any transient errors that
occur during the reconciliation of metal3machines can be added as
events to the metal3machine object and/or logged in the controller's
output."
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
phase:
description: Phase represents the current phase of machine actuation.
E.g. Pending, Running, Terminating, Failed etc.
type: string
ready:
description: 'Ready is the state of the metal3. TODO : Document the
variable : mhrivnak: " it would be good to document what this means,
how to interpret it, under what circumstances the value changes,
etc."'
type: boolean
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,243 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.2.8
creationTimestamp: null
name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
spec:
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: Metal3MachineTemplate
listKind: Metal3MachineTemplateList
plural: metal3machinetemplates
singular: metal3machinetemplate
scope: Namespaced
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: Metal3MachineTemplate is the Schema for the metal3machinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate
properties:
template:
description: Metal3MachineTemplateResource describes the data needed
to create a Metal3Machine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
hostSelector:
description: HostSelector specifies matching criteria for
labels on BareMetalHosts. This is used to limit the set
of BareMetalHost objects considered for claiming for a metal3machine.
properties:
matchExpressions:
description: Label match expressions that must be true
on a chosen BareMetalHost
items:
description: HostSelectorRequirement struct
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist
on a chosen BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve
one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the Metal3 machine in ProviderID
format (baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user
data needed by the bare metal operator. The Namespace is
optional; it will default to the metal3machine's namespace
if not specified.
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which
the secret name must be unique.
type: string
type: object
required:
- image
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: false
- name: v1alpha3
schema:
openAPIV3Schema:
description: Metal3MachineTemplate is the Schema for the metal3machinetemplates
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate
properties:
template:
description: Metal3MachineTemplateResource describes the data needed
to create a Metal3Machine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
hostSelector:
description: HostSelector specifies matching criteria for
labels on BareMetalHosts. This is used to limit the set
of BareMetalHost objects considered for claiming for a metal3machine.
properties:
matchExpressions:
description: Label match expressions that must be true
on a chosen BareMetalHost
items:
properties:
key:
type: string
operator:
description: Operator represents a key/field's relationship
to value(s). See labels.Requirement and fields.Requirement
for more details.
type: string
values:
items:
type: string
type: array
required:
- key
- operator
- values
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: Key/value pairs of labels that must exist
on a chosen BareMetalHost
type: object
type: object
image:
description: Image is the image to be provisioned.
properties:
checksum:
description: Checksum is a md5sum value or a URL to retrieve
one.
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- checksum
- url
type: object
providerID:
description: ProviderID will be the Metal3 machine in ProviderID
format (baremetal:////<machinename>)
type: string
userData:
description: UserData references the Secret that holds user
data needed by the bare metal operator. The Namespace is
optional; it will default to the metal3machine's namespace
if not specified.
properties:
name:
description: Name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: Namespace defines the space within which
the secret name must be unique.
type: string
type: object
required:
- image
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []


@ -0,0 +1,34 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
commonLabels:
cluster.x-k8s.io/v1alpha2: v1alpha2
cluster.x-k8s.io/v1alpha3: v1alpha3
resources:
- bases/infrastructure.cluster.x-k8s.io_metal3clusters.yaml
- bases/infrastructure.cluster.x-k8s.io_metal3machines.yaml
- bases/infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
- patches/webhook_in_metal3machines.yaml
- patches/webhook_in_metal3clusters.yaml
- patches/webhook_in_metal3machinetemplates.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_metal3machines.yaml
- patches/cainjection_in_metal3clusters.yaml
- patches/cainjection_in_metal3machinetemplates.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
configurations:
- kustomizeconfig.yaml
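Review bot: The scaffold comments `[WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix` and the matching `[CERTMANAGER]` one no longer describe this file: every patch under `patchesStrategicMerge` is already active, so the CRD base unconditionally wires in the conversion webhook and CA injection. That contradicts the top-level kustomization's `- webhook # Disable this if you're not using the webhook functionality.`; dropping the webhook base while keeping these patches leaves the CRDs pointing at a non-existent webhook service, and conversion of any non-storage version then fails. The header comment `It should be run by config/default` is also stale, as the default kustomization in this commit does not include `../crd`; the crd base is pulled in by the top-level kustomization instead. I'd replace the two scaffold comments with statements of fact, e.g. `# [WEBHOOK] conversion webhook patches are enabled: the webhook base and cert-manager must be deployed together with these CRDs`, and point the header at the kustomization that actually consumes this directory.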


@ -0,0 +1,17 @@
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/name
namespace:
- kind: CustomResourceDefinition
group: apiextensions.k8s.io
path: spec/conversion/webhook/clientConfig/service/namespace
create: false
varReference:
- path: metadata/annotations


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: metal3clusters.infrastructure.cluster.x-k8s.io
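Review bot: The annotation value `$(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)` relies on kustomize `vars` that no kustomization visible in this change declares (the default kustomization here declares none), and the kustomizeconfig only lists `metadata/annotations` as a var reference. If they are declared in a file outside this view the patch is fine; if not, kustomize emits the literal placeholder, cert-manager's CA injector never matches it, and the `caBundle: Cg==` placeholder in the webhook patches stays in place, so the apiserver cannot verify the conversion webhook and every conversion request for these CRDs fails. The same applies to the two following cainjection patches for `metal3machines` and `metal3machinetemplates`. I'd add a comment above the annotation naming where the vars come from, e.g. `# CERTIFICATE_NAMESPACE/CERTIFICATE_NAME are kustomize vars declared in <the kustomization that defines them>`, with the placeholder replaced by the real location.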


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: metal3machines.infrastructure.cluster.x-k8s.io


@ -0,0 +1,8 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
name: metal3machinetemplates.infrastructure.cluster.x-k8s.io


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: metal3clusters.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert
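Review bot: The comment on `caBundle: Cg==` explains why the field is not blank but not what happens while it holds the placeholder: until cert-manager's injector overwrites it (or if injection never happens), the apiserver cannot verify the webhook's serving certificate, and requests that need conversion between `v1alpha2` and `v1alpha3` fail closed rather than being served unverified. That is the safe failure mode, but it is worth stating so an operator recognises the symptom; I'd append `# until the real CA is injected the apiserver rejects the webhook and conversion requests fail (closed, not open)`. The hard-coded `namespace: system` under `service` appears to depend on `patch_crd_webhook_namespace.yaml` from the top-level kustomization to be rewritten to the deployed namespace; that file is not in this view, so I cannot confirm it covers all three CRDs. The patches for `metal3machines` and `metal3machinetemplates` that follow are identical and carry the same point.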


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: metal3machines.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,19 @@
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: ["v1", "v1beta1"]
clientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert


@ -0,0 +1,12 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
# Adds namespace to all resources.
namespace: capm3-system
resources:
- namespace.yaml
bases:
- ../rbac
- ../manager


@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: system


@ -0,0 +1,29 @@
namePrefix: capm3-
commonLabels:
cluster.x-k8s.io/provider: "infrastructure-metal3"
bases:
- crd
- webhook # Disable this if you're not using the webhook functionality.
- default
patchesJson6902:
- target: # NOTE: This patch needs to be repeatd for EACH CustomResourceDefinition you have under crd/bases.
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: metal3clusters.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: metal3machines.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
- target:
group: apiextensions.k8s.io
version: v1
kind: CustomResourceDefinition
name: metal3machinetemplates.infrastructure.cluster.x-k8s.io
path: patch_crd_webhook_namespace.yaml
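Review bot: The comment on the `webhook` base says it can be disabled, but the three `patchesJson6902` entries below unconditionally rewrite every CRD's conversion `clientConfig.service.namespace` to `capi-webhook-system`, so disabling the base would leave the CRDs pointing at a Service that is never created and every conversion request would fail. Either move the namespace patch into the webhook base or extend the comment: `# Disable this if you're not using the webhook functionality (and drop the patchesJson6902 entries below, which assume webhook-service exists in capi-webhook-system).` The `crd` base's own kustomization is not visible on this page, so I am assuming it is what applies the conversion-strategy patches.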


@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- manager.yaml
generatorOptions:
disableNameSuffixHash: true
patchesStrategicMerge:
- manager_image_patch.yaml
- manager_pull_policy.yaml
- manager_auth_proxy_patch.yaml
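Review bot: Only three patch files are listed here, yet this commit adds two image patches (one pinning `v0.3.1`, one whose tag is empty after the colon) and two identical pull-policy patches; file paths are not shown on this page, so I cannot tell which copy each entry resolves to. Please delete the unreferenced duplicates — in particular the empty-tag image patch — so nobody wires the broken one in later, and consider noting what each patch pins: `- manager_image_patch.yaml  # pins quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1`.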


@ -0,0 +1,80 @@
apiVersion: v1
kind: Service
metadata:
name: controller-manager-service
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
ports:
- port: 443
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
matchLabels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
template:
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
containers:
- command:
- /manager
image: controller:latest
imagePullPolicy: IfNotPresent
name: manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
livenessProbe:
httpGet:
path: /healthz
port: healthz
volumeMounts:
- mountPath: /tmp/cert
name: cert
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-secret
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-secret
namespace: system
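Review bot: The controller-manager pod spec sets no `securityContext` at pod or container level, so a controller that (via manager-role) can read and write every Secret in the cluster runs with whatever user and capabilities the image defaults to. Add `runAsNonRoot: true` on the pod and `allowPrivilegeEscalation: false` plus dropped capabilities on the manager container; if the image happens to run as root this surfaces as a failed start rather than a silently weaker pod. Two items look like leftovers from an older scaffold: `controller-manager-service` exposes port 443 with no `targetPort`, while nothing in this Deployment listens on 443 (the container declares 9440 and the webhook overlay adds 9443), and the empty `webhook-server-secret` mounted at /tmp/cert is not the `$(SERVICE_NAME)-cert` secret the webhook patch actually consumes — both can probably be removed. The Deployment also names no `serviceAccountName`, so it runs as the namespace `default` account; see the rolebinding notes.
```yaml
    spec:
      securityContext:
        runAsNonRoot: true
      containers:
      - command:
        - /manager
        # … unchanged: image, imagePullPolicy, name, env, resources, ports, probes, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
      # … unchanged: terminationGracePeriodSeconds, volumes …
```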


@ -0,0 +1,25 @@
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--enable-leader-election"
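Review bot: `--v=10` is the maximum klog verbosity for kube-rbac-proxy, which turns every proxied metrics request and the TokenReview/SubjectAccessReview round-trips behind it into log output; unless this is meant for debugging, lower it, e.g. `- "--v=2"`. No `--tls-cert-file`/`--tls-private-key-file` is passed, so — assuming this version behaves like the kubebuilder scaffold it comes from — the proxy serves a self-signed certificate generated at start, and the `prometheus.io/scheme: https` annotation on the metrics Service only works for scrapers that skip verification; consider serving the cert-manager certificate instead. The sidecar is pinned by tag only and, unlike the manager container beside it, has no `resources` block, which a namespace LimitRange may reject.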


@ -0,0 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1
name: manager
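Review bot: The controller image is pinned by tag only; a tag on quay.io can be re-pushed, so for a component holding cluster-wide secrets permissions consider appending the release's content digest alongside the tag, `image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1@sha256:<digest>` (look it up from the registry; I cannot derive it here). With `imagePullPolicy: IfNotPresent` from the sibling patch, nodes that already cached something under that tag would otherwise keep running it.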


@ -0,0 +1,12 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: quay.io/metal3-io/cluster-api-provider-metal3:
name: manager
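Review bot: `quay.io/metal3-io/cluster-api-provider-metal3:` ends in a bare colon, which is not a valid image reference — the kubelet will reject the pull (or, depending on the runtime, fall back to an unpinned `latest`), and either way the deployed version is not pinned. This looks like a stale duplicate of the other image patch that sets `v0.3.1`; delete it, or if it is the one actually referenced from the manager kustomization (paths are not shown on this page), set the tag: `- image: quay.io/metal3-io/cluster-api-provider-metal3:v0.3.1`.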


@ -0,0 +1,19 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP
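Review bot: This patch annotates the pod for direct Prometheus scraping on container port 8080, but the auth-proxy patch in the same commit starts the manager with `--metrics-addr=127.0.0.1:8080`, so the port is bound to loopback and such a scrape cannot reach it; the two patches express contradictory intents. If someone later "fixes" this by binding metrics to 0.0.0.0, the endpoint becomes reachable unauthenticated and bypasses kube-rbac-proxy entirely. The manager kustomization shown lists only the image, pull-policy and auth-proxy patches (paths are not visible, so I am inferring), so this file appears unused — drop it, or replace the annotation with `# Metrics are served only through the kube-rbac-proxy sidecar on 8443; do not expose 8080 directly.`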


@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: IfNotPresent


@ -0,0 +1,11 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
imagePullPolicy: IfNotPresent
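Review bot: This file is byte-for-byte identical to the other `imagePullPolicy: IfNotPresent` patch added in this commit (file names are not shown on this page, so I cannot tell which one the manager kustomization references); keep one and delete the other. In the surviving copy it is worth stating why IfNotPresent is acceptable, since it is only as trustworthy as the tag: `# Safe only because the image patch pins an immutable release tag; re-evaluate if a floating tag is ever used.`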


@ -0,0 +1,3 @@
- op: replace
path: "/spec/conversion/webhook/clientConfig/service/namespace"
value: capi-webhook-system
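Review bot: The target namespace is hard-coded here while the webhook overlay sets the same value through its own `namespace:` field, so the two can silently drift — the CRD conversion endpoint would then point at a namespace where the webhook Service does not exist and every conversion would fail closed. Tie them together with a comment: `# Must match the 'namespace:' of the webhook kustomization, where webhook-service is created.`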


@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
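Review bot: This ClusterRoleBinding grants the provider namespace's `default` ServiceAccount the right to create TokenReviews and SubjectAccessReviews, and because the Deployment in this commit sets no `serviceAccountName`, every other pod that lands in that namespace without one inherits the same rights. Create a dedicated ServiceAccount for the controller manager and bind to it instead, e.g. `name: controller-manager` in the subjects here with the same `serviceAccountName` in the Deployment's pod spec; the same applies to the manager and leader-election bindings.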


@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
name: controller-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager


@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- role.yaml
- role_binding.yaml
- auth_proxy_service.yaml
- auth_proxy_role.yaml
- auth_proxy_role_binding.yaml
- leader_election_role_binding.yaml
- leader_election_role.yaml


@ -0,0 +1,32 @@
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: leader-election-role
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
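Review bot: Like the other bindings in this commit, this RoleBinding targets the namespace's `default` ServiceAccount rather than one dedicated to the controller manager, so any pod scheduled into the namespace without an explicit `serviceAccountName` can create, update or delete the leader-election ConfigMaps and thereby take or block leadership. Point it at a dedicated account (`name: controller-manager`) and set the same `serviceAccountName` on the Deployment.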


@ -0,0 +1,109 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- get
- list
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- metal3clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- metal3clusters/status
verbs:
- get
- patch
- update
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- metal3machines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- infrastructure.cluster.x-k8s.io
resources:
- metal3machines/status
verbs:
- get
- patch
- update
- apiGroups:
- metal3.io
resources:
- baremetalhosts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- metal3.io
resources:
- baremetalhosts/status
verbs:
- get
- patch
- update
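Review bot: The `secrets` rule grants create/delete/get/list/patch/update/watch with no namespace scoping (this is a ClusterRole bound cluster-wide), so a compromise of this controller — or of any pod sharing its `default` ServiceAccount — yields read/write access to every Secret in the cluster, not only the ones Metal3 handles. Please confirm whether the v0.3.1 controller actually lists and watches secrets across all namespaces; if it only reads and writes named secrets referenced from its own objects, `list` and `watch` can be dropped, and a per-namespace Role would be tighter still. A comment stating why each broad rule exists would help the next reviewer, e.g. `# secrets: the controller reads host credentials and writes per-machine user-data secrets (verify against v0.3.1 code).`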


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system
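Review bot: `manager-role` — the broadest ClusterRole in this commit, including cluster-wide secrets and baremetalhosts write access — is bound to the namespace's `default` ServiceAccount, whose token Kubernetes mounts into any pod in that namespace that does not name another account. Since the controller Deployment sets no `serviceAccountName`, replace the subject with a dedicated account created alongside these manifests, `name: controller-manager`, and set `serviceAccountName: controller-manager` in the Deployment's pod spec; kustomize's `namePrefix` should rename both references consistently.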


@ -0,0 +1,42 @@
namespace: capi-webhook-system
resources:
- manifests.yaml
- service.yaml
- ../certmanager
- ../manager
configurations:
- kustomizeconfig.yaml
patchesStrategicMerge:
- manager_webhook_patch.yaml
- webhookcainjection_patch.yaml # Disable this value if you don't have any defaulting or validation webhook. If you don't know, you can check if the manifests.yaml file in the same directory has any contents.
vars:
- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
- name: CERTIFICATE_NAME
objref:
kind: Certificate
group: cert-manager.io
version: v1alpha2
name: serving-cert # this name should match the one in certificate.yaml
- name: SERVICE_NAMESPACE # namespace of the service
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICE_NAME
objref:
kind: Service
version: v1
name: webhook-service
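Review bot: Including `../manager` here deploys a second full copy of the controller manager (same image, same pod spec) into `capi-webhook-system`, yet the ClusterRoleBindings in this commit bind only the `default` account of the provider namespace, not this one. That is fine only if the manager runs in webhook-only mode when `--webhook-port` is set and never acts as a controller — which I cannot confirm from the manifests alone. Either way a comment would save the next reader the question: `# ../manager is included to run a webhook-only instance in the shared CAPI webhook namespace; it is granted no RBAC and must not run reconcilers.`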


@ -0,0 +1,27 @@
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
- kind: Service
version: v1
fieldSpecs:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/name
namespace:
- kind: MutatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
- kind: ValidatingWebhookConfiguration
group: admissionregistration.k8s.io
path: webhooks/clientConfig/service/namespace
create: true
varReference:
- path: metadata/annotations
- kind: Deployment
path: spec/template/spec/volumes/secret/secretName


@ -0,0 +1,26 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"
- "--webhook-port=9443"
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: $(SERVICE_NAME)-cert
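Review bot: A strategic-merge patch replaces a container's `args` list wholesale, so the arguments set by the auth-proxy patch in the manager base — `--enable-leader-election` in particular — do not survive in the webhook deployment built from this overlay. If that is intentional, because the webhook instance should not compete for leadership, say so in the manifest: `# args are replaced, not merged: the webhook instance deliberately runs without --enable-leader-election`; if not, add the flag back here.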


@ -0,0 +1,130 @@
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3cluster
failurePolicy: Fail
matchPolicy: Equivalent
name: default.metal3cluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3clusters
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3machinetemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3machinetemplates
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3machine
failurePolicy: Fail
matchPolicy: Equivalent
name: default.metal3machine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3machines
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: validating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3cluster
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.metal3cluster.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3clusters
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3machinetemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3machinetemplates
- clientConfig:
caBundle: Cg==
service:
name: webhook-service
namespace: system
path: /validate-infrastructure-cluster-x-k8s-io-v1alpha3-metal3machine
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.metal3machine.infrastructure.cluster.x-k8s.io
rules:
- apiGroups:
- infrastructure.cluster.x-k8s.io
apiVersions:
- v1alpha3
operations:
- CREATE
- UPDATE
resources:
- metal3machines
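Review bot: None of the six webhooks sets `sideEffects`, so under `admissionregistration.k8s.io/v1beta1` it defaults to `Unknown` and the API server will not call the webhook for dry-run requests — with `failurePolicy: Fail`, `kubectl apply --dry-run=server` (and any controller using dry-run) against Metal3 resources is rejected outright. Add `sideEffects: None` and `admissionReviewVersions: ["v1", "v1beta1"]` to each webhook (both become mandatory once these move to the `v1` API, which the CRDs in this commit already use), and consider an explicit `timeoutSeconds` below the 30s default so a hung webhook does not stall every Metal3 write for that long. The `caBundle: Cg==` placeholders depend entirely on the cainjection patch being applied; that is the intended design, but worth a comment on the first webhook.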


@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: webhook-server
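Review bot: The Service declares no `selector` in this hunk, so on its own it would have no endpoints; it only works because the top-level kustomization's `commonLabels` injects `cluster.x-k8s.io/provider: infrastructure-metal3` into the selector, which then matches any pod in `capi-webhook-system` carrying that label rather than specifically the webhook server. Make the intent explicit and narrower by adding `selector:` with `control-plane: controller-manager`, matching the Deployment's pod labels; commonLabels will still add the provider label on top.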


@ -0,0 +1,15 @@
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)