wip: tested everything for manual , still working on helm

Signed-off-by: Rahul Vishwakarma <[email protected]>

Author: manzil-infinity180

docs/how-to-install.md

@@ -2,6 +2,7 @@
 # create cluster 
 # Install cert-manager 
 # add trivy - k apply -f docs/trivy-manifest/deployment.yml and then same for svc
+# create our deployment and service and then only create validating webhook
 # k apply -f manifest/k8s-controller-webhook.yaml (it contain everything, cert, tls secrets)
 # add cluster permission for list, watch, create, get 
 # k apply -f manifest/cluster-permission.yaml

docs/trivy-manifest/deployment.yml

@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: trivy-server
+  namespace: default
   labels:
     app: trivy-server
 spec:

docs/trivy-manifest/service.yml

@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: trivy-server-service
+  namespace: default
   labels:
     app: trivy-server
 spec:
@@ -12,3 +13,6 @@ spec:
       port: 8080
       targetPort: 8080
   type: ClusterIP # Use ClusterIP for internal access, or NodePort/LoadBalancer for external access
+
+# [service-name].[service-namespace].svc:8080
+# trivy-server-service.default.svc:8080

manifest/k8s-controller-webhook.yaml

@@ -3,53 +3,6 @@ kind: Namespace
 metadata:
   name: example1
 ---
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: selfsigned
-  namespace: example1
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: webhook1-certificate
-  namespace: example1
-spec:
-  secretName: k8s-controller-tls            # Secret mounted in deployment
-  dnsNames:
-    - k8s-custom-controller-service.example1.svc
-    - k8s-custom-controller-service.example1.svc.cluster.local
-  issuerRef:
-    name: selfsigned
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: webhook1
-  annotations:
-    cert-manager.io/inject-ca-from: example1/webhook1-certificate
-webhooks:
-  - name: k8s-custom-controller-service.example1.svc
-    admissionReviewVersions:
-      - v1
-    sideEffects: None
-    timeoutSeconds: 30
-    clientConfig:
-      service:
-        name: k8s-custom-controller-service
-        namespace: example1
-        path: /validate
-        port: 443
-    rules:
-        - apiGroups: [ "apps" ]
-          apiVersions: [ "v1" ]
-          operations: [ "CREATE" ]
-          resources: [ "deployments" ]
-    failurePolicy: Fail
-
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -77,8 +30,8 @@ spec:
               value: "/certs/tls.crt"
             - name: TLS_KEY_FILE
               value: "/certs/tls.key"
-#            - name: BYPASS_CVE_DENIED
-#              value: "yes"  # yes or true (lowercase)
+      #            - name: BYPASS_CVE_DENIED
+      #              value: "yes"  # yes or true (lowercase)
       volumes:
         - name: webhook-certs
           secret:
@@ -97,3 +50,49 @@ spec:
       port: 443
       targetPort: 8000
   type: ClusterIP
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned
+  namespace: example1
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: webhook1-certificate
+  namespace: example1
+spec:
+  secretName: k8s-controller-tls            # Secret mounted in deployment
+  dnsNames:
+    - k8s-custom-controller-service.example1.svc
+    - k8s-custom-controller-service.example1.svc.cluster.local
+  issuerRef:
+    name: selfsigned
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: webhook1
+  annotations:
+    cert-manager.io/inject-ca-from: example1/webhook1-certificate
+webhooks:
+  - name: k8s-custom-controller-service.example1.svc
+    admissionReviewVersions:
+      - v1
+    sideEffects: None
+    timeoutSeconds: 30
+    clientConfig:
+      service:
+        name: k8s-custom-controller-service
+        namespace: example1
+        path: /validate
+        port: 443
+    rules:
+        - apiGroups: [ "apps" ]
+          apiVersions: [ "v1" ]
+          operations: [ "CREATE" ]
+          resources: [ "deployments" ]
+    failurePolicy: Fail