harbor-operator/templates/admission-control.yml

{{ if .Values.admissionController }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: admission-control
spec:
  secretName: admission-control
  dnsNames:
    - admission-control.harbor-operator.svc
  issuerRef:
    name: harbor-operator
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: harbor-operator-admission-control
  annotations:
    cert-manager.io/inject-ca-from: harbor-operator/admission-control
webhooks:
  - name: harbor-operator-admission-control.codemowers.io
    rules:
      - apiGroups:
          - ""
        apiVersions:
          - v1
        operations:
          - CREATE
        resources:
          - pods
        scope: Namespaced
    clientConfig:
      service:
        namespace: harbor-operator
        name: admission-control
    admissionReviewVersions:
      - v1
    sideEffects: None
    timeoutSeconds: 30
    failurePolicy: Ignore
---
apiVersion: v1
kind: Service
metadata:
  name: admission-control
  labels:
    app.kubernetes.io/name: harbor-operator
spec:
  selector:
    app.kubernetes.io/name: harbor-operator
  ports:
  - name: http
    targetPort: 3001
    port: 443
{{ end }}
Initial commit 2022-11-14 19:08:45 +00:00			`{{ if .Values.admissionController }}`
			`---`
			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: admission-control`
			`spec:`
			`secretName: admission-control`
			`dnsNames:`
			`- admission-control.harbor-operator.svc`
			`issuerRef:`
			`name: harbor-operator`
			`---`
			`apiVersion: admissionregistration.k8s.io/v1`
			`kind: MutatingWebhookConfiguration`
			`metadata:`
			`name: harbor-operator-admission-control`
			`annotations:`
			`cert-manager.io/inject-ca-from: harbor-operator/admission-control`
			`webhooks:`
			`- name: harbor-operator-admission-control.codemowers.io`
			`rules:`
			`- apiGroups:`
			`- ""`
			`apiVersions:`
			`- v1`
			`operations:`
			`- CREATE`
			`resources:`
			`- pods`
			`scope: Namespaced`
			`clientConfig:`
			`service:`
			`namespace: harbor-operator`
			`name: admission-control`
			`admissionReviewVersions:`
			`- v1`
			`sideEffects: None`
			`timeoutSeconds: 30`
			`failurePolicy: Ignore`
			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: admission-control`
			`labels:`
			`app.kubernetes.io/name: harbor-operator`
			`spec:`
			`selector:`
			`app.kubernetes.io/name: harbor-operator`
			`ports:`
			`- name: http`
			`targetPort: 3001`
			`port: 443`
			`{{ end }}`