kustomize

2025-08-15 01:15:24 -04:00 · 2020-04-06 17:23:26 -07:00 · 2020-04-06 17:23:26 -07:00 · aa0e248a45
commit aa0e248a45
parent ae72757665
330 changed files with 27690 additions and 0 deletions
--- a/kubeflow/kfapp/kustomize/webhook/base/cluster-role-binding.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/cluster-role-binding.yaml
@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-role
+subjects:
+- kind: ServiceAccount
+  name: service-account
--- a/kubeflow/kfapp/kustomize/webhook/base/cluster-role.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/cluster-role.yaml
@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-role
+rules:
+- apiGroups:
+  - kubeflow.org
+  resources:
+  - poddefaults
+  verbs:
+  - get
+  - watch
+  - list
+  - update
+  - create
+  - patch
+  - delete
--- a/kubeflow/kfapp/kustomize/webhook/base/crd.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/crd.yaml
@ -0,0 +1,51 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: poddefaults.kubeflow.org
+spec:
+  group: kubeflow.org
+  names:
+    kind: PodDefault
+    plural: poddefaults
+    singular: poddefault
+  scope: Namespaced
+  version: v1alpha1
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          type: string
+        kind:
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            desc:
+              type: string
+            serviceAccountName:
+              type: string
+            env:
+              items:
+                type: object
+              type: array
+            envFrom:
+              items:
+                type: object
+              type: array
+            selector:
+              type: object
+            volumeMounts:
+              items:
+                type: object
+              type: array
+            volumes:
+              items:
+                type: object
+              type: array
+          required:
+          - selector
+          type: object
+        status:
+          type: object
+      type: object
--- a/kubeflow/kfapp/kustomize/webhook/base/deployment.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/deployment.yaml
@ -0,0 +1,19 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: deployment
+spec:
+  template:
+    spec:
+      containers:
+      - image: gcr.io/kubeflow-images-public/admission-webhook:v20190520-v0-139-gcee39dbc-dirty-0d8f4c
+        name: admission-webhook
+        volumeMounts:
+        - mountPath: /etc/webhook/certs
+          name: webhook-cert
+          readOnly: true
+      volumes:
+      - name: webhook-cert
+        secret:
+          secretName: webhook-certs
+      serviceAccountName: service-account    
--- a/kubeflow/kfapp/kustomize/webhook/base/kustomization.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/kustomization.yaml
@ -0,0 +1,48 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cluster-role-binding.yaml
+- cluster-role.yaml
+- deployment.yaml
+- mutating-webhook-configuration.yaml
+- service-account.yaml
+- service.yaml
+- crd.yaml
+commonLabels:
+  kustomize.component: admission-webhook
+  app: admission-webhook
+namePrefix: admission-webhook- 
+images:
+  - name: gcr.io/kubeflow-images-public/admission-webhook
+    newName: gcr.io/kubeflow-images-public/admission-webhook
+    newTag: v20190520-v0-139-gcee39dbc-dirty-0d8f4c
+namespace: kubeflow  
+configMapGenerator:
+- name: admission-webhook-parameters
+  env: params.env
+generatorOptions:
+  disableNameSuffixHash: true
+vars:
+- name: namespace
+  objref:
+    kind: ConfigMap
+    name: admission-webhook-parameters 
+    apiVersion: v1
+  fieldref:
+    fieldpath: data.namespace	
+- name: serviceName
+  objref:
+    kind: Service
+    name: service
+    apiVersion: v1
+  fieldref:
+    fieldpath: metadata.name
+- name: deploymentName
+  objref:
+    kind: Deployment
+    name: deployment
+    apiVersion: extensions/v1beta1
+  fieldref:
+    fieldpath: metadata.name
+configurations:
+- params.yaml
--- a/kubeflow/kfapp/kustomize/webhook/base/mutating-webhook-configuration.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/mutating-webhook-configuration.yaml
@ -0,0 +1,21 @@
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- clientConfig:
+    caBundle: ""
+    service:
+      name: $(serviceName)
+      namespace: $(namespace)
+      path: /apply-poddefault
+  name: $(deploymentName).kubeflow.org
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    resources:
+    - pods
--- a/kubeflow/kfapp/kustomize/webhook/base/params.env
+++ b/kubeflow/kfapp/kustomize/webhook/base/params.env
@ -0,0 +1 @@
+namespace=kubeflow
--- a/kubeflow/kfapp/kustomize/webhook/base/params.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/params.yaml
@ -0,0 +1,7 @@
+varReference:
+- path: webhooks/clientConfig/service/namespace
+  kind: MutatingWebhookConfiguration
+- path: webhooks/clientConfig/service/name
+  kind: MutatingWebhookConfiguration
+- path: webhooks/name
+  kind: MutatingWebhookConfiguration
--- a/kubeflow/kfapp/kustomize/webhook/base/service-account.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/service-account.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: service-account
--- a/kubeflow/kfapp/kustomize/webhook/base/service.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/base/service.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: service
+spec:
+  ports:
+  - port: 443
+    targetPort: 443
--- a/kubeflow/kfapp/kustomize/webhook/kustomization.yaml
+++ b/kubeflow/kfapp/kustomize/webhook/kustomization.yaml
@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+bases:
+- base
+kind: Kustomization
+namespace: kubeflow