1apiVersion: v1
2kind: Namespace
3metadata:
4 name: tolerator
5 labels:
6 webhook: tolerator
7 workload.edge.ncr.com: platform
8 platform.edge.ncr.com/component: tolerator
9 annotations:
10 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
11 pallet.edge.ncr.com/name: tolerator
12 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
13 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
14 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
15 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
16---
17apiVersion: v1
18kind: ServiceAccount
19metadata:
20 name: tolerator
21 namespace: tolerator
22 labels:
23 app: tolerator
24 platform.edge.ncr.com/component: tolerator
25 annotations:
26 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
27 pallet.edge.ncr.com/name: tolerator
28 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
29 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
30 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
31 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
32---
33apiVersion: rbac.authorization.k8s.io/v1
34kind: ClusterRole
35metadata:
36 name: tolerator
37 labels:
38 app: tolerator
39 platform.edge.ncr.com/component: tolerator
40 annotations:
41 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
42 pallet.edge.ncr.com/name: tolerator
43 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
44 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
45 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
46 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
47rules:
48- resources: ["mutatingwebhookconfigurations"]
49 apiGroups: ["admissionregistration.k8s.io"]
50 verbs: ["create", "get", "delete", "list", "patch", "update", "watch"]
51---
52apiVersion: rbac.authorization.k8s.io/v1
53kind: ClusterRoleBinding
54metadata:
55 name: tolerator
56 labels:
57 app: tolerator
58 platform.edge.ncr.com/component: tolerator
59 annotations:
60 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
61 pallet.edge.ncr.com/name: tolerator
62 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
63 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
64 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
65 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
66roleRef:
67 name: tolerator
68 kind: ClusterRole
69 apiGroup: rbac.authorization.k8s.io
70subjects:
71- name: tolerator
72 namespace: tolerator
73 kind: ServiceAccount
74---
75apiVersion: v1
76kind: Service
77metadata:
78 name: tolerator
79 namespace: tolerator
80 labels:
81 app: tolerator
82 platform.edge.ncr.com/component: tolerator
83 annotations:
84 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
85 pallet.edge.ncr.com/name: tolerator
86 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
87 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
88 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
89 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
90spec:
91 selector:
92 app: tolerator
93 platform.edge.ncr.com/component: tolerator
94 ports:
95 - port: 443
96 targetPort: 8443
97---
98apiVersion: apps/v1
99kind: Deployment
100metadata:
101 name: tolerator
102 namespace: tolerator
103 labels:
104 app: tolerator
105 platform.edge.ncr.com/component: tolerator
106 annotations:
107 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
108 pallet.edge.ncr.com/name: tolerator
109 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
110 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
111 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
112 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
113spec:
114 selector:
115 matchLabels:
116 app: tolerator
117 platform.edge.ncr.com/component: tolerator
118 template:
119 metadata:
120 labels:
121 app: tolerator
122 platform.edge.ncr.com/component: tolerator
123 annotations:
124 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
125 pallet.edge.ncr.com/name: tolerator
126 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
127 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
128 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
129 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
130 spec:
131 serviceAccountName: tolerator
132 containers:
133 - name: tolerator
134 image: us-east1-docker.pkg.dev/ret-edge-pltf-infra/workloads/tolerator@sha256:dc18625e666d0e829b91227bd0775e4b4160c0e82dfa1ae598e197114b6e6b48
135 args:
136 - -service-name=tolerator
137 ports:
138 - containerPort: 8443
139 env:
140 - name: POD_NAMESPACE
141 valueFrom:
142 fieldRef:
143 fieldPath: metadata.namespace
144 volumeMounts:
145 - name: cert
146 readOnly: true
147 mountPath: "/var/cert"
148 lifecycle:
149 preStop:
150 exec:
151 command: ["/bin/sh", "-c", "/prestop.sh"]
152 imagePullPolicy: IfNotPresent
153 volumes:
154 - name: cert
155 secret:
156 secretName: tolerator-webhook-certificate
157 imagePullSecrets:
158 - name: edge-docker-pull-secret
159---
160apiVersion: cert-manager.io/v1
161kind: Certificate
162metadata:
163 name: tolerator-certificate
164 namespace: tolerator
165 labels:
166 platform.edge.ncr.com/component: tolerator
167 annotations:
168 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
169 pallet.edge.ncr.com/name: tolerator
170 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
171 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
172 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
173 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
174spec:
175 dnsNames:
176 - tolerator.tolerator.svc
177 issuerRef:
178 name: selfsigned
179 secretName: tolerator-webhook-certificate
180---
181apiVersion: cert-manager.io/v1
182kind: Issuer
183metadata:
184 name: selfsigned
185 namespace: tolerator
186 labels:
187 platform.edge.ncr.com/component: tolerator
188 annotations:
189 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
190 pallet.edge.ncr.com/name: tolerator
191 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
192 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
193 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
194 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
195spec:
196 selfSigned: {}
197---
198apiVersion: admissionregistration.k8s.io/v1
199kind: MutatingWebhookConfiguration
200metadata:
201 name: tolerator-webhook
202 labels:
203 platform.edge.ncr.com/component: tolerator
204 annotations:
205 cert-manager.io/inject-ca-from: tolerator/tolerator-certificate
206 pallet.edge.ncr.com/created: "2023-02-16T21:26:39Z"
207 pallet.edge.ncr.com/name: tolerator
208 pallet.edge.ncr.com/revision: 696897a3df910b6e84a88c9336907a17b18159c1
209 pallet.edge.ncr.com/source: https://github.com/ncrvoyix-swt-retail/edge-infra/tree/696897a3df910b6e84a88c9336907a17b18159c1
210 pallet.edge.ncr.com/team: '@ncrvoyix-swt-retail/sds'
211 pallet.edge.ncr.com/version: 7.7.7-rc.1676582799+commit.696897a
212webhooks:
213- name: tolerator.tolerator.svc
214 admissionReviewVersions:
215 - v1
216 - v1beta1
217 clientConfig:
218 service:
219 name: tolerator
220 namespace: tolerator
221 port: 443
222 path: /inject
223 failurePolicy: Ignore
224 matchPolicy: Equivalent
225 namespaceSelector:
226 matchExpressions:
227 - key: webhook
228 operator: NotIn
229 values:
230 - tolerator
231 objectSelector: {}
232 reinvocationPolicy: Never
233 rules:
234 - resources:
235 - pods
236 apiGroups:
237 - ""
238 apiVersions:
239 - v1
240 operations:
241 - CREATE
242 - UPDATE
243 scope: '*'
244 sideEffects: None
View as plain text