chart/operator/templates/webhook.yaml (400 lines of code) (raw):
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.webhook.enabled }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "operator.fullname" . | trunc (int (sub 63 (len "-serving-cert"))) | printf "%s-serving-cert" }}
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-mutating-webhook-configuration"))) | printf "%s-mutating-webhook-configuration" }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-pod
failurePolicy: Fail
name: mpod.kb.io
namespaceSelector:
matchLabels:
swck-injection: enabled
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-fetcher
failurePolicy: Fail
name: mfetcher.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- fetchers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-javaagent
failurePolicy: Fail
name: mjavaagent.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- javaagents
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-oapserver
failurePolicy: Fail
name: moapserver.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapservers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-oapserverconfig
failurePolicy: Fail
name: moapserverconfig.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapserverconfigs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-oapserverdynamicconfig
failurePolicy: Fail
name: moapserverdynamicconfig.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapserverdynamicconfigs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-satellite
failurePolicy: Fail
name: msatellite.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- satellites
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-storage
failurePolicy: Fail
name: mstorage.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- storages
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-swagent
failurePolicy: Fail
name: mswagent.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- swagents
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /mutate-operator-skywalking-apache-org-v1alpha1-ui
failurePolicy: Fail
name: mui.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- uis
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "operator.fullname" . | trunc (int (sub 63 (len "-serving-cert"))) | printf "%s-serving-cert" }}
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-validating-webhook-configuration"))) | printf "%s-validating-webhook-configuration" }}
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-fetcher
failurePolicy: Fail
name: vfetcher.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- fetchers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-javaagent
failurePolicy: Fail
name: vjavaagent.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- javaagents
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-oapserver
failurePolicy: Fail
name: voapserver.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapservers
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-oapserverconfig
failurePolicy: Fail
name: voapserverconfig.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapserverconfigs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-oapserverdynamicconfig
failurePolicy: Fail
name: voapserverdynamicconfig.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- oapserverdynamicconfigs
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-satellite
failurePolicy: Fail
name: vsatellite.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- satellites
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-storage
failurePolicy: Fail
name: vstorage.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- storages
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-swagent
failurePolicy: Fail
name: vswagent.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- swagents
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ include "operator.fullname" . | trunc (int (sub 63 (len "-webhook-service"))) | printf "%s-webhook-service" }}
namespace: {{ .Release.Namespace }}
path: /validate-operator-skywalking-apache-org-v1alpha1-ui
failurePolicy: Fail
name: vui.kb.io
rules:
- apiGroups:
- operator.skywalking.apache.org
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- uis
sideEffects: None
{{- end }}