DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Admission Webhook: Truncate name. (#10523)

Browse source
This commit is contained in:
Marco Ebert 2023-10-29 18:26:05 +01:00 committed by GitHub
parent f59738c753
commit 0120a2df48
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 58 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

4
charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml
View file

@ -42,10 +42,10 @@ spec:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
spec:
secretName: {{ include "ingress-nginx.fullname" . }}-admission
secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
issuerRef:
{{- if .Values.controller.admissionWebhooks.certManager.issuerRef }}

4
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -28,7 +28,7 @@ rules:
{{- with .Values.controller.admissionWebhooks.existingPsp }}
- {{ . }}
{{- else }}
- {{ include "ingress-nginx.fullname" . }}-admission
- {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- end }}
{{- end }}
{{- end }}

6
charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
@ -15,9 +15,9 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
{{- end }}

8
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
View file

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create
name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
@ -23,7 +23,7 @@ spec:
{{- end }}
template:
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-create
name: {{ include "ingress-nginx.admissionWebhooks.createSecretJob.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }}
@ -50,7 +50,7 @@ spec:
- create
- --host={{ include "ingress-nginx.controller.fullname" . }}-admission,{{ include "ingress-nginx.controller.fullname" . }}-admission.$(POD_NAMESPACE).svc
- --namespace=$(POD_NAMESPACE)
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission
- --secret-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
env:
- name: POD_NAMESPACE
valueFrom:
@ -66,7 +66,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.createSecretJob.resources | nindent 12 }}
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}

10
charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
View file

@ -2,7 +2,7 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": post-install,post-upgrade
@ -23,7 +23,7 @@ spec:
{{- end }}
template:
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission-patch
name: {{ include "ingress-nginx.admissionWebhooks.patchWebhookJob.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.podAnnotations }}
annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }}
{{- end }}
@ -48,10 +48,10 @@ spec:
imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }}
args:
- patch
- --webhook-name={{ include "ingress-nginx.fullname" . }}-admission
- --webhook-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
- --namespace=$(POD_NAMESPACE)
- --patch-mutating=false
- --secret-name={{ include "ingress-nginx.fullname" . }}-admission
- --secret-name={{ include "ingress-nginx.admissionWebhooks.fullname" . }}
- --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }}
env:
- name: POD_NAMESPACE
@ -68,7 +68,7 @@ spec:
resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }}
{{- end }}
restartPolicy: OnFailure
serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission
serviceAccountName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
{{- if .Values.controller.admissionWebhooks.patch.nodeSelector }}
nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }}
{{- end }}

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/networkpolicy.yaml
View file

@ -2,7 +2,7 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/psp.yaml
View file

@ -3,7 +3,7 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

6
charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
View file

@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
@ -16,9 +16,9 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ (include "ingress-nginx.namespace" .) | quote }}
{{- end }}

2
charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
View file

@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
namespace: {{ include "ingress-nginx.namespace" . }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade

6
charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
View file

@ -6,8 +6,8 @@ kind: ValidatingWebhookConfiguration
metadata:
annotations:
{{- if .Values.controller.admissionWebhooks.certManager.enabled }}
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }}
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admissionWebhooks.fullname" .) | quote }}
cert-manager.io/inject-ca-from: {{ printf "%s/%s" .Release.Namespace (include "ingress-nginx.admissionWebhooks.fullname" .) | quote }}
{{- end }}
{{- if .Values.controller.admissionWebhooks.annotations }}
{{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
@ -18,7 +18,7 @@ metadata:
{{- with .Values.controller.admissionWebhooks.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
name: {{ include "ingress-nginx.fullname" . }}-admission
name: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
webhooks:
- name: validate.nginx.ingress.kubernetes.io
matchPolicy: Equivalent