summaryrefslogtreecommitdiffhomepage
path: root/test/kubernetes
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2020-10-09 17:09:39 -0700
committergVisor bot <gvisor-bot@google.com>2020-10-09 17:11:19 -0700
commit79a5910c04ed18901f755588003ca62d0646b763 (patch)
treedd77813a941caac52468f38863bcf22183bf0506 /test/kubernetes
parenta0ffc84adfe345e52a249bd1bac9c9f883bf0fe7 (diff)
Add gvisor webhook configuration
PiperOrigin-RevId: 336393190
Diffstat (limited to 'test/kubernetes')
-rw-r--r--test/kubernetes/gvisor-injection-admission-webhook.yaml89
1 files changed, 89 insertions, 0 deletions
diff --git a/test/kubernetes/gvisor-injection-admission-webhook.yaml b/test/kubernetes/gvisor-injection-admission-webhook.yaml
new file mode 100644
index 000000000..691f02dda
--- /dev/null
+++ b/test/kubernetes/gvisor-injection-admission-webhook.yaml
@@ -0,0 +1,89 @@
+# Copyright 2020 The gVisor Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: e2e
+ labels:
+ name: e2e
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gvisor-injection-admission-webhook
+ namespace: e2e
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gvisor-injection-admission-webhook
+rules:
+- apiGroups: [ admissionregistration.k8s.io ]
+ resources: [ mutatingwebhookconfigurations ]
+ verbs: [ create ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gvisor-injection-admission-webhook
+ namespace: e2e
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gvisor-injection-admission-webhook
+subjects:
+- kind: ServiceAccount
+ name: gvisor-injection-admission-webhook
+ namespace: e2e
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gvisor-injection-admission-webhook
+ namespace: e2e
+ labels:
+ app: gvisor-injection-admission-webhook
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gvisor-injection-admission-webhook
+ template:
+ metadata:
+ labels:
+ app: gvisor-injection-admission-webhook
+ spec:
+ containers:
+ - name: webhook
+ image: gcr.io/gke-gvisor/gvisor-injection-admission-webhook:54ce9bd
+ args:
+ - --log-level=debug
+ ports:
+ - containerPort: 8443
+ serviceAccountName: gvisor-injection-admission-webhook
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: gvisor-injection-admission-webhook
+ namespace: e2e
+spec:
+ selector:
+ app: gvisor-injection-admission-webhook
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 8443