...
---
# Registers the Gateway API validating admission webhook with the API server.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: gateway-api-admission
webhooks:
  - name: validate.gateway.networking.k8s.io
    admissionReviewVersions:
      - v1
    # Where the API server sends AdmissionReview requests. No port is given,
    # so the default (443) applies, which the gateway-api-admission-server
    # Service in this file exposes.
    # NOTE(review): no caBundle is set here. Without one the API server
    # verifies the webhook's serving certificate against its system trust
    # roots; presumably a CA bundle is patched in by a separate provisioning
    # step - confirm before relying on this manifest alone.
    clientConfig:
      service:
        name: gateway-api-admission-server
        namespace: gateway-system
        path: "/validate"
    # Fail closed: when the webhook cannot be reached or errors out, matching
    # requests are rejected rather than admitted unvalidated. The Deployment
    # in this file runs one replica, so losing that pod blocks CREATE/UPDATE
    # of the resources listed under rules until it is back.
    failurePolicy: Fail
    matchPolicy: Equivalent
    # The webhook declares that it makes no out-of-band changes.
    sideEffects: None
    # No namespaceSelector or objectSelector is set, so these rules apply to
    # matching objects in every namespace.
    rules:
      - apiGroups:
          - "gateway.networking.k8s.io"
        apiVersions:
          - "v1alpha2"
          - "v1beta1"
        operations:
          - "CREATE"
          - "UPDATE"
        # Only these three resource kinds are sent to the webhook; other
        # resources in the API group are not validated by it.
        resources:
          - "gateways"
          - "gatewayclasses"
          - "httproutes"
---
# In-cluster endpoint through which the API server reaches the webhook pods.
apiVersion: v1
kind: Service
metadata:
  name: gateway-api-admission-server
  namespace: gateway-system
  labels:
    # NOTE(review): this label value (…-webhook-server) differs from the
    # selector below and from the Deployment's labels (…-admission-server).
    # It does not affect routing, but confirm the mismatch is intentional.
    name: gateway-api-webhook-server
spec:
  type: ClusterIP
  # Any pod in gateway-system carrying this single label receives admission
  # traffic, so pod creation in this namespace should be tightly controlled.
  selector:
    name: gateway-api-admission-server
  ports:
    # Port 443 is what the webhook clientConfig uses by default; traffic is
    # forwarded to the container's TLS listener on 8443.
    - name: https-webhook
      port: 443
      targetPort: 8443
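---
# Runs the Gateway API admission server that backs the
# validate.gateway.networking.k8s.io webhook.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gateway-api-admission-server
  namespace: gateway-system
  labels:
    name: gateway-api-admission-server
spec:
  # NOTE(review): one replica, while the webhook in this file is registered
  # with failurePolicy: Fail. A restart or eviction of this pod therefore
  # blocks CREATE/UPDATE of the validated resources; consider more replicas
  # for production.
  replicas: 1
  selector:
    matchLabels:
      name: gateway-api-admission-server
  template:
    metadata:
      name: gateway-api-admission-server
      labels:
        name: gateway-api-admission-server
    spec:
      # NOTE(review): no serviceAccountName or automountServiceAccountToken
      # is set, so the namespace's default service account is used. If the
      # server makes no Kubernetes API calls, disabling token automount
      # would reduce exposure - confirm before changing.
      containers:
        - name: webhook
          # NOTE(review): release-candidate image referenced by tag. Tags
          # can be re-pointed; for production pin by digest, e.g.
          # registry.k8s.io/gateway-api/admission-server@sha256:<digest>
          # (placeholder - take the digest from the release you verified).
          image: registry.k8s.io/gateway-api/admission-server:v1.0.0-rc1
          imagePullPolicy: IfNotPresent
          # The former trailing `2>&1` argument was dropped: args are handed
          # to the process directly, not through a shell, so it was never a
          # redirection, only a stray literal argument.
          args:
            - -logtostderr
            # Both paths resolve inside the webhook-certs Secret mount, so
            # the Secret must provide the keys `cert` and `key`.
            - --tlsCertFile=/etc/certs/cert
            - --tlsKeyFile=/etc/certs/key
            # NOTE(review): -v=10 requests very verbose logging. At this
            # level admission request contents may end up in pod logs;
            # confirm what is logged and lower it outside of debugging.
            - -v=10
          ports:
            - containerPort: 8443
              name: webhook
          # Requests equal limits for both CPU and memory.
          resources:
            limits:
              memory: 50Mi
              cpu: 100m
            requests:
              memory: 50Mi
              cpu: 100m
          volumeMounts:
            # TLS material is mounted read-only.
            - name: webhook-certs
              mountPath: /etc/certs
              readOnly: true
          # Hardened container settings: non-root fixed UID/GID, no
          # privilege escalation, immutable root filesystem, all Linux
          # capabilities dropped, runtime default seccomp profile.
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 65532
            runAsGroup: 65532
            capabilities:
              drop:
                - "ALL"
            seccompProfile:
              type: RuntimeDefault
      volumes:
        # Serving certificate and private key for the webhook. This manifest
        # does not create the Secret; it must exist in gateway-system
        # before the pod can start.
        - name: webhook-certs
          secret:
            secretName: gateway-api-admission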