chore(kustomize): add defaults handler

Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
Oliver Bähler
2023-01-05 17:25:14 +01:00
committed by Dario Tranchitella
parent ab0fe91c58
commit a1b624f239
6 changed files with 190 additions and 7 deletions


@@ -2048,7 +2048,8 @@ spec:
description: Specifies the allowed IngressClasses assigned to
the Tenant. Capsule assures that all Ingress resources created
in the Tenant can use only one of the allowed IngressClasses.
Optional.
A default value can be specified, and all the Ingress resources
created will inherit the declared class. Optional.
properties:
allowed:
items:
@@ -2056,6 +2057,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
@@ -2868,7 +2871,9 @@ spec:
priorityClasses:
description: Specifies the allowed priorityClasses assigned to the
Tenant. Capsule assures that all Pods resources created in the Tenant
can use only one of the allowed PriorityClasses. Optional.
can use only one of the allowed PriorityClasses. A default value
can be specified, and all the Pod resources created will inherit
the declared class. Optional.
properties:
allowed:
items:
@@ -2876,6 +2881,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
@@ -3110,7 +3117,8 @@ spec:
description: Specifies the allowed StorageClasses assigned to the
Tenant. Capsule assures that all PersistentVolumeClaim resources
created in the Tenant can use only one of the allowed StorageClasses.
Optional.
A default value can be specified, and all the PersistentVolumeClaim
resources created will inherit the declared class. Optional.
properties:
allowed:
items:
@@ -3118,6 +3126,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.


@@ -1940,7 +1940,7 @@ spec:
description: Toggles the ability for Ingress resources created in a Tenant to have a hostname wildcard.
type: boolean
allowedClasses:
description: Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional.
description: Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. A default value can be specified, and all the Ingress resources created will inherit the declared class. Optional.
properties:
allowed:
items:
@@ -1948,6 +1948,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
@@ -2442,7 +2444,7 @@ spec:
description: Prevent accidental deletion of the Tenant. When enabled, the deletion request will be declined.
type: boolean
priorityClasses:
description: Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. Optional.
description: Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. A default value can be specified, and all the Pod resources created will inherit the declared class. Optional.
properties:
allowed:
items:
@@ -2450,6 +2452,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
@@ -2617,7 +2621,7 @@ spec:
type: object
type: object
storageClasses:
description: Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. Optional.
description: Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class. Optional.
properties:
allowed:
items:
@@ -2625,6 +2629,8 @@ spec:
type: array
allowedRegex:
type: string
default:
type: string
matchExpressions:
description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
items:
@@ -2812,6 +2818,80 @@ metadata:
creationTimestamp: null
name: capsule-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: capsule-webhook-service
namespace: capsule-system
path: /defaults
failurePolicy: Fail
name: pod.defaults.capsule.clastix.io
namespaceSelector:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
scope: Namespaced
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: capsule-webhook-service
namespace: capsule-system
path: /defaults
failurePolicy: Fail
name: storage.defaults.capsule.clastix.io
namespaceSelector:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- persistentvolumeclaims
scope: Namespaced
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: capsule-webhook-service
namespace: capsule-system
path: /defaults
failurePolicy: Fail
name: ingress.defaults.capsule.clastix.io
namespaceSelector:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
scope: Namespaced
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:


@@ -8,7 +8,14 @@ patchesJson6902:
kind: ValidatingWebhookConfiguration
name: validating-webhook-configuration
version: v1
path: patch_ns_selector.yaml
path: patch_validating_ns_selector.yaml
- target:
group: admissionregistration.k8s.io
kind: MutatingWebhookConfiguration
name: mutating-webhook-configuration
version: v1
path: patch_mutating_ns_selector.yaml
configurations:
- kustomizeconfig.yaml


@@ -5,6 +5,65 @@ metadata:
creationTimestamp: null
name: mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /defaults
failurePolicy: Fail
name: pod.defaults.capsule.clastix.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /defaults
failurePolicy: Fail
name: storage.defaults.capsule.clastix.io
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- persistentvolumeclaims
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: webhook-service
namespace: system
path: /defaults
failurePolicy: Fail
name: ingress.defaults.capsule.clastix.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1beta1
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
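Review bot: Each of the three new entries is fail-closed (`failurePolicy: Fail`) but sets no `timeoutSeconds` and, in this file, no `namespaceSelector`; the pod entry matches every Pod CREATE. Scoping to tenant namespaces therefore depends entirely on the overlay patch being applied, and an outage of the webhook service blocks Pod, PersistentVolumeClaim and Ingress admission wherever the entries match. Consider an explicit `timeoutSeconds: <seconds>` on each entry and a comment stating that the selector is added by the kustomize patch. If this manifest is generated, the change belongs in the source markers rather than here.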


@@ -0,0 +1,27 @@
- op: add
path: /webhooks/0/namespaceSelector
value:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
- op: add
path: /webhooks/1/namespaceSelector
value:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
- op: add
path: /webhooks/2/namespaceSelector
value:
matchExpressions:
- key: capsule.clastix.io/tenant
operator: Exists
- op: add
path: /webhooks/0/rules/0/scope
value: Namespaced
- op: add
path: /webhooks/1/rules/0/scope
value: Namespaced
- op: add
path: /webhooks/2/rules/0/scope
value: Namespaced
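Review bot: The six operations address the webhooks by position (`/webhooks/0` to `/webhooks/2`), so the tenant `namespaceSelector` and the `Namespaced` scope land on whichever entries happen to come first in the mutating configuration. If the order in the base manifest changes, or another webhook is added ahead of these, a fail-closed entry matching Pod CREATE could lose its selector and intercept admission in every namespace. Entries from index 3 onward get no selector from this file; whether that is intended cannot be told from the page. A header comment such as `# indices 0-2 = pod/storage/ingress .defaults webhooks; keep in sync with the order in the base manifest`, plus a CI check of the rendered output, would make the dependency explicit.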