Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

Commit

Permalink
Add cluster resource CRD
Browse files Browse the repository at this point in the history 
- Add a CRD for the cluster resource. This additionally adds a webhook
  for the same as well. This is a CRD that supports the Transparent
Proxy feature.

- Only support the mutating webhook version v1, as v1beta1 is deprecated
  in the newer Kubernetes versions and v1 is supported in Kubernetes
1.16+ which are the versions we support
  • Loading branch information
Ashwin Venkatesh committed Apr 15, 2021
1 parent 6c3b2f6 commit 57a6869
Show file tree
Hide file tree
Showing 9 changed files with 285 additions and 109 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@ jobs:
-secondary-kubecontext="kind-dc2" \
-debug-directory="$TEST_RESULTS/debug" \
-consul-image="ishustava/consul-enterprise:tproxy-test" \
-consul-k8s-image="docker.mirror.hashicorp.services/hashicorpdev/consul-k8s:296675a"
-consul-k8s-image="ashwinvenkatesh/consul-k8s@sha256:a73eff871ad25f127c303753486fd2f7d2d6dc9a60e9ae025183c8b26089780b"
then
echo "Tests in ${pkg} failed, aborting early"
exit_code=1
Expand Down
16 changes: 6 additions & 10 deletions templates/connect-inject-mutatingwebhook.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,6 @@
{{- if (or (and (ne (.Values.connectInject.enabled | toString) "-") .Values.connectInject.enabled) (and (eq (.Values.connectInject.enabled | toString) "-") .Values.global.enabled)) }}
# The MutatingWebhookConfiguration to enable the Connect injector.
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "consul.fullname" . }}-connect-injector-cfg
Expand All @@ -19,18 +15,18 @@ webhooks:
failurePolicy: Ignore
sideEffects: None
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
clientConfig:
service:
name: {{ template "consul.fullname" . }}-connect-injector-svc
namespace: {{ .Release.Namespace }}
path: "/mutate"
rules:
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
{{- if .Values.connectInject.namespaceSelector }}
namespaceSelector:
{{ tpl .Values.connectInject.namespaceSelector . | indent 6 }}
Expand Down
202 changes: 110 additions & 92 deletions templates/controller-mutatingwebhookconfiguration.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,5 @@
{{- if .Values.controller.enabled }}
{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
apiVersion: admissionregistration.k8s.io/v1
{{- else }}
apiVersion: admissionregistration.k8s.io/v1beta1
{{- end }}
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "consul.fullname" . }}-controller-mutating-webhook-configuration
Expand All @@ -22,19 +18,41 @@ webhooks:
path: /mutate-v1alpha1-proxydefaults
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-proxydefaults.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- proxydefaults
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- proxydefaults
sideEffects: None
- clientConfig:
caBundle: Cg==
service:
name: {{ template "consul.fullname" . }}-controller-webhook
namespace: {{ .Release.Namespace }}
path: /mutate-v1alpha1-cluster
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
name: mutate-cluster.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- cluster
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -44,19 +62,19 @@ webhooks:
path: /mutate-v1alpha1-servicedefaults
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-servicedefaults.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicedefaults
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicedefaults
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -66,19 +84,19 @@ webhooks:
path: /mutate-v1alpha1-serviceresolver
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-serviceresolver.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- serviceresolvers
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- serviceresolvers
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -88,19 +106,19 @@ webhooks:
path: /mutate-v1alpha1-servicerouter
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-servicerouter.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicerouters
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicerouters
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -110,19 +128,19 @@ webhooks:
path: /mutate-v1alpha1-servicesplitter
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-servicesplitter.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicesplitters
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- servicesplitters
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -132,19 +150,19 @@ webhooks:
path: /mutate-v1alpha1-serviceintentions
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-serviceintentions.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- serviceintentions
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- serviceintentions
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -154,19 +172,19 @@ webhooks:
path: /mutate-v1alpha1-ingressgateway
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-ingressgateway.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- ingressgateways
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- ingressgateways
sideEffects: None
- clientConfig:
caBundle: Cg==
Expand All @@ -176,18 +194,18 @@ webhooks:
path: /mutate-v1alpha1-terminatinggateway
failurePolicy: Fail
admissionReviewVersions:
- "v1beta1"
- "v1"
- "v1beta1"
- "v1"
name: mutate-terminatinggateway.consul.hashicorp.com
rules:
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- terminatinggateways
- apiGroups:
- consul.hashicorp.com
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- terminatinggateways
sideEffects: None
{{- end }}
Loading

0 comments on commit 57a6869

Please sign in to comment.