1 // Copyright 2022 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package webhook 16 17 const ( 18 ControllerManagerServiceAccountRegex = "system:serviceaccount:[a-z0-9.-]+:cnrm-controller-manager" 19 // ServicePort is the port that the webhook binary will bind to, as well as use as the service port. 20 // 21 // must be 443 as private GKE clusters have opened up 443 specifically 22 // as a port that GKE masters can send requests to nodes to, and the requests are sent 23 // directly to the targetPort of the pod rather than the service port. 24 // see b/180354275 25 // 26 // Since the TargetPort is effectively being used as a public port, 27 // standardizing public ports removes ambiguity. 28 ServicePort = 443 29 certDir = "/tmp/cert" 30 certSecretName = "cnrm-webhook-cert" 31 ) 32