
Commit 0202328

Merge pull request #1284 from rabi/enable_webhook
Enable openstack-baremetal-operator webhooks
2 parents a53d881 + 16164da commit 0202328


4 files changed

+155
-7
lines changed

4 files changed

+155
-7
lines changed

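--- a/bindata/operator/managers.yaml
+++ b/bindata/operator/managers.yaml
@@ -30,7 +30,7 @@ spec:
 - /manager
 env:
 - name: ENABLE_WEBHOOKS
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 value: 'true'
 {{ else }}
 value: 'false'
@@ -58,7 +58,7 @@ spec:
 memory: 128Mi
 securityContext:
 allowPrivilegeEscalation: false
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 volumeMounts:
 - mountPath: /tmp/k8s-webhook-server/serving-certs
 name: cert
@@ -88,7 +88,7 @@ spec:
 runAsNonRoot: true
 serviceAccountName: {{ $operatorName }}-operator-controller-manager
 terminationGracePeriodSeconds: 10
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 volumes:
 - name: cert
 secret: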
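Review bot: The webhook gate `or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal")` is now written out three times in this template (the `ENABLE_WEBHOOKS` value, the `volumeMounts` block and the `volumes` block), identically in config/operator/managers.yaml, and once more in a different form (`infra-operator`, `openstack-baremetal-operator`) in hack/sync-bindata.sh. If one copy is missed when the next operator gains webhooks, the manager could start with `ENABLE_WEBHOOKS` set to `'true'` but no serving certificate mounted, while the webhook configurations added in this commit use `failurePolicy: Fail`. Binding the condition once next to where `$operatorName` is set (that line is outside these hunks), e.g. `{{ $webhooks := or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}`, and testing `{{ if $webhooks }}` at the three sites would keep them in step.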
Lines changed: 148 additions & 0 deletions
@@ -0,0 +1,148 @@
1+
apiVersion: v1
2+
kind: Service
3+
metadata:
4+
labels:
5+
app.kubernetes.io/component: webhook
6+
app.kubernetes.io/created-by: openstack-operator
7+
app.kubernetes.io/instance: webhook-service
8+
app.kubernetes.io/managed-by: kustomize
9+
app.kubernetes.io/name: service
10+
app.kubernetes.io/part-of: openstack-baremetal-operator
11+
name: openstack-baremetal-operator-webhook-service
12+
namespace: '{{ .OperatorNamespace }}'
13+
spec:
14+
ports:
15+
- port: 443
16+
protocol: TCP
17+
targetPort: 9443
18+
selector:
19+
openstack.org/operator-name: openstack-baremetal
20+
---
21+
apiVersion: cert-manager.io/v1
22+
kind: Certificate
23+
metadata:
24+
labels:
25+
app.kubernetes.io/component: certificate
26+
app.kubernetes.io/created-by: openstack-operator
27+
app.kubernetes.io/instance: serving-cert
28+
app.kubernetes.io/managed-by: kustomize
29+
app.kubernetes.io/name: certificate
30+
app.kubernetes.io/part-of: openstack-baremetal-operator
31+
name: openstack-baremetal-operator-serving-cert
32+
namespace: '{{ .OperatorNamespace }}'
33+
spec:
34+
dnsNames:
35+
- openstack-baremetal-operator-webhook-service.{{ .OperatorNamespace }}.svc
36+
- openstack-baremetal-operator-webhook-service.{{ .OperatorNamespace }}.svc.cluster.local
37+
issuerRef:
38+
kind: Issuer
39+
name: openstack-baremetal-operator-selfsigned-issuer
40+
secretName: openstack-baremetal-operator-webhook-server-cert
41+
---
42+
apiVersion: cert-manager.io/v1
43+
kind: Issuer
44+
metadata:
45+
labels:
46+
app.kubernetes.io/component: certificate
47+
app.kubernetes.io/created-by: openstack-operator
48+
app.kubernetes.io/instance: selfsigned-issuer
49+
app.kubernetes.io/managed-by: kustomize
50+
app.kubernetes.io/name: issuer
51+
app.kubernetes.io/part-of: openstack-baremetal-operator
52+
name: openstack-baremetal-operator-selfsigned-issuer
53+
namespace: '{{ .OperatorNamespace }}'
54+
spec:
55+
selfSigned: {}
56+
---
57+
apiVersion: admissionregistration.k8s.io/v1
58+
kind: MutatingWebhookConfiguration
59+
metadata:
60+
annotations:
61+
cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-baremetal-operator-serving-cert'
62+
creationTimestamp: null
63+
labels:
64+
app.kubernetes.io/component: webhook
65+
app.kubernetes.io/created-by: openstack-operator
66+
app.kubernetes.io/instance: mutating-webhook-configuration
67+
app.kubernetes.io/managed-by: kustomize
68+
app.kubernetes.io/name: mutatingwebhookconfiguration
69+
app.kubernetes.io/part-of: openstack-baremetal-operator
70+
name: openstack-baremetal-operator-mutating-webhook-configuration
71+
webhooks:
72+
- admissionReviewVersions:
73+
- v1
74+
failurePolicy: Fail
75+
name: mopenstackprovisionserver.kb.io
76+
rules:
77+
- apiGroups:
78+
- baremetal.openstack.org
79+
apiVersions:
80+
- v1beta1
81+
operations:
82+
- CREATE
83+
- UPDATE
84+
resources:
85+
- openstackprovisionservers
86+
sideEffects: None
87+
clientConfig:
88+
service:
89+
name: openstack-baremetal-operator-webhook-service
90+
namespace: '{{ .OperatorNamespace }}'
91+
path: /mutate-baremetal-openstack-org-v1beta1-openstackprovisionserver
92+
---
93+
apiVersion: admissionregistration.k8s.io/v1
94+
kind: ValidatingWebhookConfiguration
95+
metadata:
96+
annotations:
97+
cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-baremetal-operator-serving-cert'
98+
creationTimestamp: null
99+
labels:
100+
app.kubernetes.io/component: webhook
101+
app.kubernetes.io/created-by: openstack-operator
102+
app.kubernetes.io/instance: validating-webhook-configuration
103+
app.kubernetes.io/managed-by: kustomize
104+
app.kubernetes.io/name: validatingwebhookconfiguration
105+
app.kubernetes.io/part-of: openstack-baremetal-operator
106+
name: openstack-baremetal-operator-validating-webhook-configuration
107+
webhooks:
108+
- admissionReviewVersions:
109+
- v1
110+
failurePolicy: Fail
111+
name: vopenstackbaremetalset.kb.io
112+
rules:
113+
- apiGroups:
114+
- baremetal.openstack.org
115+
apiVersions:
116+
- v1beta1
117+
operations:
118+
- CREATE
119+
- UPDATE
120+
- DELETE
121+
resources:
122+
- openstackbaremetalsets
123+
sideEffects: None
124+
clientConfig:
125+
service:
126+
name: openstack-baremetal-operator-webhook-service
127+
namespace: '{{ .OperatorNamespace }}'
128+
path: /validate-baremetal-openstack-org-v1beta1-openstackbaremetalset
129+
- admissionReviewVersions:
130+
- v1
131+
failurePolicy: Fail
132+
name: vopenstackprovisionserver.kb.io
133+
rules:
134+
- apiGroups:
135+
- baremetal.openstack.org
136+
apiVersions:
137+
- v1beta1
138+
operations:
139+
- CREATE
140+
- UPDATE
141+
resources:
142+
- openstackprovisionservers
143+
sideEffects: None
144+
clientConfig:
145+
service:
146+
name: openstack-baremetal-operator-webhook-service
147+
namespace: '{{ .OperatorNamespace }}'
148+
path: /validate-baremetal-openstack-org-v1beta1-openstackprovisionserver
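Review bot: All three webhook entries set `failurePolicy: Fail` but none sets `timeoutSeconds`, and `vopenstackbaremetalset.kb.io` also intercepts `DELETE`, so whenever the openstack-baremetal manager pod or its serving certificate is unavailable, creates, updates and deletes of these resources are rejected after the API server's default wait. Failing closed is a sound default for validation, but the wait should be bounded explicitly, e.g. `timeoutSeconds: 5` on each entry, and it is worth confirming that cleanup paths do not need to delete `openstackbaremetalsets` while the operator is down. The `Certificate` likewise relies on cert-manager defaults for lifetime and renewal, so a short comment stating that the manager is expected to reload the rotated secret would help. The manifest appears to be produced by `write_webhooks` in hack/sync-bindata.sh, so any change probably belongs in the generator or the upstream operator's config rather than in this file.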

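--- a/config/operator/managers.yaml
+++ b/config/operator/managers.yaml
@@ -30,7 +30,7 @@ spec:
 - /manager
 env:
 - name: ENABLE_WEBHOOKS
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 value: 'true'
 {{ else }}
 value: 'false'
@@ -58,7 +58,7 @@ spec:
 memory: 128Mi
 securityContext:
 allowPrivilegeEscalation: false
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 volumeMounts:
 - mountPath: /tmp/k8s-webhook-server/serving-certs
 name: cert
@@ -88,7 +88,7 @@ spec:
 runAsNonRoot: true
 serviceAccountName: {{ $operatorName }}-operator-controller-manager
 terminationGracePeriodSeconds: 10
-{{ if eq $operatorName "infra" }}
+{{ if or (eq $operatorName "infra") (eq $operatorName "openstack-baremetal") }}
 volumes:
 - name: cert
 secret: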

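--- a/hack/sync-bindata.sh
+++ b/hack/sync-bindata.sh
@@ -158,7 +158,7 @@ for X in $(ls manifests/*clusterserviceversion.yaml); do
 CLUSTER_ROLE_RULES=$(cat $X | $LOCAL_BINARIES/yq -r .spec.install.spec.clusterPermissions| sed -e 's|- rules:|rules:|' | sed -e 's| ||' | sed -e '/ serviceAccountName.*/d'
 )
 
-if [[ "$OPERATOR_NAME" == "infra-operator" ]]; then
+if [[ "$OPERATOR_NAME" == "infra-operator" || "$OPERATOR_NAME" == "openstack-baremetal-operator" ]]; then
 write_webhooks "$X" "$OPERATOR_NAME"
 fi
 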