mirror of
https://github.com/intel/intel-device-plugins-for-kubernetes.git
synced 2025-06-03 03:59:37 +00:00
e34355940a
rbac-proxy will be deprecated in 2025 Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
124 lines
3.4 KiB
YAML
124 lines
3.4 KiB
YAML
# Adds namespace to all resources.
|
|
namespace: inteldeviceplugins-system
|
|
|
|
# Value of this field is prepended to the
|
|
# names of all resources, e.g. a deployment named
|
|
# "wordpress" becomes "alices-wordpress".
|
|
# Note that it should also match with the prefix (text before '-') of the namespace
|
|
# field above.
|
|
namePrefix: intel-deviceplugins-
|
|
|
|
# Labels to add to all resources and selectors.
|
|
#commonLabels:
|
|
# someName: someValue
|
|
|
|
resources:
|
|
- ../crd
|
|
- ../rbac
|
|
- ../manager
|
|
- ../webhook
|
|
- ../certmanager
|
|
# [METRICS] Expose the controller manager metrics service.
|
|
- metrics_service.yaml
|
|
|
|
|
|
patches:
|
|
# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443.
|
|
# More info: https://book.kubebuilder.io/reference/metrics
|
|
- path: manager_metrics_patch.yaml
|
|
target:
|
|
kind: Deployment
|
|
- path: manager_webhook_patch.yaml
|
|
target:
|
|
kind: Deployment
|
|
name: controller-manager
|
|
# Enable certmanager integration
|
|
- path: webhookcainjection_patch_mutate.yaml
|
|
target:
|
|
name: mutating-webhook-configuration
|
|
- path: webhookcainjection_patch_validate.yaml
|
|
target:
|
|
name: validating-webhook-configuration
|
|
|
|
replacements:
|
|
- source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
|
|
kind: Certificate
|
|
group: cert-manager.io
|
|
version: v1
|
|
name: serving-cert # this name should match the one in certificate.yaml
|
|
fieldPath: .metadata.namespace # namespace of the certificate CR
|
|
targets:
|
|
- select:
|
|
kind: ValidatingWebhookConfiguration
|
|
fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
delimiter: '/'
|
|
index: 0
|
|
create: true
|
|
- select:
|
|
kind: MutatingWebhookConfiguration
|
|
fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
delimiter: '/'
|
|
index: 0
|
|
create: true
|
|
- source:
|
|
kind: Certificate
|
|
group: cert-manager.io
|
|
version: v1
|
|
name: serving-cert # this name should match the one in certificate.yaml
|
|
fieldPath: .metadata.name
|
|
targets:
|
|
- select:
|
|
kind: ValidatingWebhookConfiguration
|
|
fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
delimiter: '/'
|
|
index: 1
|
|
create: true
|
|
- select:
|
|
kind: MutatingWebhookConfiguration
|
|
fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
delimiter: '/'
|
|
index: 1
|
|
create: true
|
|
- source: # Add cert-manager annotation to the webhook Service
|
|
kind: Service
|
|
version: v1
|
|
name: webhook-service
|
|
fieldPath: .metadata.name # namespace of the service
|
|
targets:
|
|
- select:
|
|
kind: Certificate
|
|
group: cert-manager.io
|
|
version: v1
|
|
fieldPaths:
|
|
- .spec.dnsNames.0
|
|
- .spec.dnsNames.1
|
|
options:
|
|
delimiter: '.'
|
|
index: 0
|
|
create: true
|
|
- source:
|
|
kind: Service
|
|
version: v1
|
|
name: webhook-service
|
|
fieldPath: .metadata.namespace # namespace of the service
|
|
targets:
|
|
- select:
|
|
kind: Certificate
|
|
group: cert-manager.io
|
|
version: v1
|
|
fieldPaths:
|
|
- .spec.dnsNames.0
|
|
- .spec.dnsNames.1
|
|
options:
|
|
delimiter: '.'
|
|
index: 1
|
|
create: true
|