1 {{- if .Values.webhook.enabled -}}
2 {{- $altNames := list "cmk-webhook-service" ( printf "cmk-webhook-service.%s" .Release.Namespace ) ( printf "cmk-webhook-service.%s.svc" .Release.Namespace ) -}}
3 {{- $cert := genSelfSignedCert ( printf "cmk-webhook-service.%s.svc" .Release.Namespace ) nil $altNames 36500 -}}
7 name: {{ include "cpu-manager.fullname" . }}-webhook-certs
9 {{- include "cpu-manager.labels" . | nindent 4 }}
11 cert.pem: {{ $cert.Cert | b64enc }}
12 key.pem: {{ $cert.Key | b64enc }}
18 name: {{ include "cpu-manager.fullname" . }}-webhook-configmap
20 {{- include "cpu-manager.labels" . | nindent 4 }}
24 binding-address: "0.0.0.0"
25 port: {{ .Values.webhook.service.port }}
26 cert: "/etc/ssl/cert.pem"
27 key: "/etc/ssl/key.pem"
28 mutations: "/etc/webhook/mutations.yaml"
34 cmk.intel.com/resources-injected: "true"
36 serviceAccount: {{ include "cpu-manager.serviceAccountName" . }}
43 - name: cmk-config-dir
45 path: {{ .Values.configDir | quote }}
46 - name: cmk-install-dir
48 path: {{ .Values.installDir | quote }}
57 - name: cmk-config-dir
59 - name: cmk-install-dir
65 name: cmk-webhook-service
67 {{- include "cpu-manager.labels" . | nindent 4 }}
71 - port: {{ .Values.webhook.service.port }}
74 {{- include "cpu-manager.labels" . | nindent 4 }}
81 {{- include "cpu-manager.labels" . | nindent 4 }}
83 name: {{ include "cpu-manager.fullname" . }}-webhook-deployment
85 replicas: {{ .Values.webhook.replicaCount }}
88 {{- include "cpu-manager.selectorLabels" . | nindent 6 }}
93 {{- include "cpu-manager.selectorLabels" . | nindent 8 }}
96 {{- toYaml .Values.webhook.annotations | nindent 8 }}
98 {{- with .Values.imagePullSecrets }}
100 {{- toYaml . | nindent 8 }}
103 {{- toYaml .Values.podSecurityContext | nindent 8 }}
108 - "/cmk/cmk.py webhook --conf-file /etc/webhook/server.yaml"
112 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
113 imagePullPolicy: {{ .Values.image.pullPolicy }}
116 {{- toYaml .Values.securityContext | nindent 10 }}
118 - mountPath: /etc/webhook
119 name: cmk-webhook-configmap
120 - mountPath: /etc/ssl
121 name: cmk-webhook-certs
124 - name: cmk-webhook-configmap
126 name: {{ include "cpu-manager.fullname" . }}-webhook-configmap
127 - name: cmk-webhook-certs
129 secretName: {{ include "cpu-manager.fullname" . }}-webhook-certs
131 apiVersion: admissionregistration.k8s.io/v1beta1
132 kind: MutatingWebhookConfiguration
135 {{- include "cpu-manager.labels" . | nindent 4 }}
137 name: {{ include "cpu-manager.fullname" . }}-webhook-config
140 caBundle: {{ $cert.Cert | b64enc }}
142 name: cmk-webhook-service
143 namespace: {{ $.Release.Namespace }}
145 failurePolicy: Ignore