Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update mutating webhook API Version (#408)

Browse source 
* Update mutating webhook API Version

* Set to ignore by default

* Remove extra `-`

* Add required fields
This commit is contained in:
Yong Wen Chua 2020-12-07 23:18:25 +08:00 committed by GitHub
parent be48291bcf
commit 94adad8335
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
templates/injector-mutating-webhook.yaml
View file

@ -1,5 +1,9 @@
{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }} {{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1 apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration kind: MutatingWebhookConfiguration
metadata: metadata:
name: {{ template "vault.fullname" . }}-agent-injector-cfg name: {{ template "vault.fullname" . }}-agent-injector-cfg
@ -9,6 +13,10 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks: webhooks:
- name: vault.hashicorp.com - name: vault.hashicorp.com
sideEffects: None
admissionReviewVersions:
- "v1beta1"
- "v1"
clientConfig: clientConfig:
service: service:
name: {{ template "vault.fullname" . }}-agent-injector-svc name: {{ template "vault.fullname" . }}-agent-injector-svc

4
test/unit/injector-mutating-webhook.bats
View file

@ -76,7 +76,7 @@ load _helpers
[ "${actual}" = "true" ] [ "${actual}" = "true" ]
} }
@test "injector/MutatingWebhookConfiguration: failurePolicy empty by default" { @test "injector/MutatingWebhookConfiguration: failurePolicy 'Ignore' by default" {
cd `chart_dir` cd `chart_dir`
local actual=$(helm template \ local actual=$(helm template \
--show-only templates/injector-mutating-webhook.yaml \ --show-only templates/injector-mutating-webhook.yaml \
@ -84,7 +84,7 @@ load _helpers
--namespace foo \ --namespace foo \
. | tee /dev/stderr | . | tee /dev/stderr |
yq '.webhooks[0].failurePolicy' | tee /dev/stderr) yq '.webhooks[0].failurePolicy' | tee /dev/stderr)
[ "${actual}" = "null" ] [ "${actual}" = "\"Ignore\"" ]
} }
@test "injector/MutatingWebhookConfiguration: can set failurePolicy" { @test "injector/MutatingWebhookConfiguration: can set failurePolicy" {

5
values.yaml
View file

@ -70,11 +70,12 @@ injector:
# sidecar-injector: enabled # sidecar-injector: enabled
namespaceSelector: {} namespaceSelector: {}
# Configures failurePolicy of the webhook. By default webhook failures are ignored. # Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the
# API Version of the WebHook.
# To block pod creation while webhook is unavailable, set the policy to `Fail` below. # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
# #
# failurePolcy: Fail failurePolicy: Ignore
certs: certs:
# secretName is the name of the secret that has the TLS certificate and # secretName is the name of the secret that has the TLS certificate and