apiVersion: v1
kind: Namespace
metadata:
  name: edge-injector
  labels:
    workload.edge.ncr.com: platform
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: edge-injector
  namespace: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
imagePullSecrets:
- name: edge-docker-pull-secret
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
rules:
- resources:
  - nodes
  - pods
  apiGroups:
  - ""
  verbs:
  - get
  - list
  - watch
- resources:
  - nodes/status
  - pods/status
  - secrets/status
  apiGroups:
  - ""
  verbs:
  - get
  - watch
- resources:
  - secrets
  apiGroups:
  - ""
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - daemonsets
  - deployments
  - replicasets
  - statefulsets
  apiGroups:
  - apps
  verbs:
  - get
  - list
  - watch
- resources:
  - couchdbusers
  apiGroups:
  - datasync.edge.ncr.com
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- resources:
  - couchdbusers/status
  apiGroups:
  - datasync.edge.ncr.com
  verbs:
  - get
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
roleRef:
  name: edge-injector
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
- name: edge-injector
  namespace: edge-injector
  kind: ServiceAccount
---
apiVersion: v1
kind: Service
metadata:
  name: edge-injector
  namespace: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selector:
    platform.edge.ncr.com/component: edge-injector
  ports:
  - port: 443
    targetPort: 8443
  publishNotReadyAddresses: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  namespace: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  replicas: 1
  selector:
    matchLabels:
      platform.edge.ncr.com/component: edge-injector
  template:
    metadata:
      labels:
        platform.edge.ncr.com/component: edge-injector
      annotations:
        pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
        pallet.edge.ncr.com/name: edge-injector
        pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
        pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
        pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
    spec:
      serviceAccountName: edge-injector
      containers:
      - name: edge-injector
        image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/edge-injector@sha256:21c6656f6066017fdb478618d50cf7c24d366d736c85364b6f3121ad9f7a5550
        ports:
        - name: http
          protocol: TCP
          containerPort: 8443
        resources:
          limits:
            cpu: "100m"
        volumeMounts:
        - name: cert
          readOnly: true
          mountPath: "/var/cert"
        imagePullPolicy: IfNotPresent
      volumes:
      - name: cert
        secret:
          secretName: edge-injector
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: edge-injector
  namespace: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  commonName: edge-injector.edge-injector.svc
  dnsNames:
  - edge-injector.edge-injector.svc
  issuerRef:
    name: edge-injector
  secretName: edge-injector
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: edge-injector
  namespace: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: edge-injector
  labels:
    platform.edge.ncr.com/component: edge-injector
  annotations:
    cert-manager.io/inject-ca-from: edge-injector/edge-injector
    pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
    pallet.edge.ncr.com/name: edge-injector
    pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
    pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/edge-data-sync'
    pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
webhooks:
- name: couchuser.datasync.edge.ncr.com
  admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: edge-injector
      namespace: edge-injector
      port: 443
      path: /mutating-create-update-pod-couchdb-secret
  failurePolicy: Ignore
  objectSelector:
    matchExpressions:
    - key: injector.edge.ncr.com/couchdb-user
      operator: Exists
  rules:
  - resources: ["pods"]
    apiGroups: [""]
    apiVersions: ["v1"]
    operations: ["CREATE", "UPDATE"]
    scope: "*"
  sideEffects: None
- name: node.dsds.edge.ncr.com
  admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: edge-injector
      namespace: edge-injector
      port: 443
      path: /mutating-create-update-pod-node-secret
  failurePolicy: Ignore
  objectSelector:
    matchExpressions:
    - key: injector.edge.ncr.com/add-node-information
      operator: Exists
  rules:
  - resources: ["pods"]
    apiGroups: [""]
    apiVersions: ["v1"]
    operations: ["CREATE", "UPDATE"]
    scope: "*"
  sideEffects: None