diff options
author | Kevin Krakauer <krakauer@google.com> | 2020-10-09 17:09:39 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-10-09 17:11:19 -0700 |
commit | 79a5910c04ed18901f755588003ca62d0646b763 (patch) | |
tree | dd77813a941caac52468f38863bcf22183bf0506 /test/kubernetes | |
parent | a0ffc84adfe345e52a249bd1bac9c9f883bf0fe7 (diff) |
Add gvisor webhook configuration
PiperOrigin-RevId: 336393190
Diffstat (limited to 'test/kubernetes')
-rw-r--r-- | test/kubernetes/gvisor-injection-admission-webhook.yaml | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/test/kubernetes/gvisor-injection-admission-webhook.yaml b/test/kubernetes/gvisor-injection-admission-webhook.yaml new file mode 100644 index 000000000..691f02dda --- /dev/null +++ b/test/kubernetes/gvisor-injection-admission-webhook.yaml @@ -0,0 +1,89 @@ +# Copyright 2020 The gVisor Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: v1 +kind: Namespace +metadata: + name: e2e + labels: + name: e2e +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gvisor-injection-admission-webhook + namespace: e2e +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gvisor-injection-admission-webhook +rules: +- apiGroups: [ admissionregistration.k8s.io ] + resources: [ mutatingwebhookconfigurations ] + verbs: [ create ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gvisor-injection-admission-webhook + namespace: e2e +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gvisor-injection-admission-webhook +subjects: +- kind: ServiceAccount + name: gvisor-injection-admission-webhook + namespace: e2e +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gvisor-injection-admission-webhook + namespace: e2e + labels: + app: gvisor-injection-admission-webhook +spec: + replicas: 1 + selector: + matchLabels: + app: gvisor-injection-admission-webhook + template: + metadata: + labels: + app: gvisor-injection-admission-webhook + spec: + containers: + - name: webhook + image: gcr.io/gke-gvisor/gvisor-injection-admission-webhook:54ce9bd + args: + - --log-level=debug + ports: + - containerPort: 8443 + serviceAccountName: gvisor-injection-admission-webhook +--- +kind: Service +apiVersion: v1 +metadata: + name: gvisor-injection-admission-webhook + namespace: e2e +spec: + selector: + app: gvisor-injection-admission-webhook + ports: + - protocol: TCP + port: 443 + targetPort: 8443 |