author | Pawan Verma <pawanjbs5@gmail.com> | 2021-10-04 18:44:20 +0530 |
---|---|---|
committer | Pawan Verma <pawanjbs5@gmail.com> | 2021-10-16 00:55:05 +0530 |
commit | 0ab7ff90c3fec546275fd35ffc13cb787c03721e (patch) | |
tree | 983c14abdc5d840315c478f9555c9127e7219700 /tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml | |
parent | 212d0f7165d26d97823852992ed261529e095b69 (diff) |
Add support for Calico, Cilium, Contiv-VPP and Danm in k8scluster deployment scripts.
This patch adds support for installing Calico, Cilium, Contiv-VPP and
Danm in Kubernetes cluster deployment ansible scripts.
Signed-off-by: Pawan Verma <pawanjbs5@gmail.com>
Change-Id: Ib76620fa0f63dd58e8496bbf31baf515f697bcde
Diffstat (limited to 'tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml')
-rw-r--r-- | tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml
new file mode 100644
index 00000000..1e5d66ee
--- /dev/null
+++ b/tools/k8s/cluster-deployment/k8scluster/roles/clustermanager/templates/danm-webhook.yaml
@@ -0,0 +1,128 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: danm-webhook
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: caas:danm-webhook
+rules:
+- apiGroups:
+ - danm.k8s.io
+ resources:
+ - tenantconfigs
+ - danmeps
+ verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: caas:danm-webhook
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: caas:danm-webhook
+subjects:
+- kind: ServiceAccount
+ name: danm-webhook
+ namespace: kube-system
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: danm-webhook-config
+ namespace: kube-system
+webhooks:
+ - name: danm-netvalidation.nokia.k8s.io
+ clientConfig:
+ service:
+ name: danm-webhook-svc
+ namespace: kube-system
+ path: "/netvalidation"
+ caBundle: {{ ca_bundle }}
+ rules:
+ # UPDATE IS TEMPORARILY REMOVED DUE TO:https://github.com/nokia/danm/issues/144
+ - operations: ["CREATE"]
+ apiGroups: ["danm.k8s.io"]
+ apiVersions: ["v1"]
+ resources: ["danmnets","clusternetworks","tenantnetworks"]
+ failurePolicy: Fail
+ timeoutSeconds: 25
+ - name: danm-configvalidation.nokia.k8s.io
+ clientConfig:
+ service:
+ name: danm-webhook-svc
+ namespace: kube-system
+ path: "/confvalidation"
+ caBundle: {{ ca_bundle }}
+ rules:
+ - operations: ["CREATE","UPDATE"]
+ apiGroups: ["danm.k8s.io"]
+ apiVersions: ["v1"]
+ resources: ["tenantconfigs"]
+ failurePolicy: Fail
+ timeoutSeconds: 25
+ - name: danm-netdeletion.nokia.k8s.io
+ clientConfig:
+ service:
+ name: danm-webhook-svc
+ namespace: kube-system
+ path: "/netdeletion"
+ caBundle: {{ ca_bundle }}
+ rules:
+ - operations: ["DELETE"]
+ apiGroups: ["danm.k8s.io"]
+ apiVersions: ["v1"]
+ resources: ["danmnets","clusternetworks","tenantnetworks"]
+ failurePolicy: Fail
+ timeoutSeconds: 25
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: danm-webhook-svc
+ namespace: kube-system
+ labels:
+ danm: webhook
+spec:
+ ports:
+ - name: webhook
+ port: 443
+ targetPort: 8443
+ selector:
+ danm: webhook
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: danm-webhook-deployment
+ namespace: kube-system
+ labels:
+ danm: webhook
+spec:
+ selector:
+ matchLabels:
+ danm: webhook
+ template:
+ metadata:
+ name: danm-webhook
+ labels:
+ danm: webhook
+ spec:
+ serviceAccountName: danm-webhook
+ containers:
+ - name: danm-webhook
+ image: webhook
+ command: [ "/usr/local/bin/webhook", "-tls-cert-bundle=/etc/webhook/certs/cert.pem", "-tls-private-key-file=/etc/webhook/certs/key.pem", "bind-port=8443" ]
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+ # Configure the directory holding the Webhook's server certificates
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: danm-webhook-certs
\ No newline at end of file |
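Review bot: The Deployment's container is declared as `image: webhook` with `imagePullPolicy: IfNotPresent`, so a pod that runs in kube-system under the danm-webhook service account and gates every danm.k8s.io admission request starts from whatever image of that name is already on the node, or from an unqualified, untagged pull; reference a full registry path pinned by tag or digest, for example `image: "{{ danm_webhook_image }}"` (variable name is a placeholder). The ClusterRole grants `verbs: [ "*" ]` on tenantconfigs and danmeps, and listing only the verbs the webhook needs would keep a compromised pod from deleting or rewriting those objects cluster-wide. In the command array `"bind-port=8443"` lacks the leading `-` that the two TLS flags carry, so it is probably read as a positional argument, and the listener then matches `targetPort: 8443` only if that is also the binary's default. `caBundle: {{ ca_bundle }}` is safer quoted as `caBundle: "{{ ca_bundle }}"`, so that an unset variable does not render as null while all three webhooks use `failurePolicy: Fail`. `admissionregistration.k8s.io/v1beta1` is no longer served from Kubernetes 1.22 on; moving to `v1` also requires `sideEffects` and `admissionReviewVersions` on each webhook entry.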