service-exposure/rapps-webhook.yaml

   1 #
   2 # ============LICENSE_START=======================================================
   3 #  Copyright (C) 2022-2023 Nordix Foundation.
   4 # ================================================================================
   5 # Licensed under the Apache License, Version 2.0 (the "License");
   6 # you may not use this file except in compliance with the License.
   7 # You may obtain a copy of the License at
   8 #
   9 #      http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS,
  13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 # See the License for the specific language governing permissions and
  15 # limitations under the License.
  16 #
  17 # SPDX-License-Identifier: Apache-2.0
  18 # ============LICENSE_END=========================================================
  19 #
  20 ---
  21 apiVersion: v1
  22 kind: ServiceAccount
  23 metadata:
  24   name: webhook-app
  25   namespace: default
  26 ---
  27 apiVersion: rbac.authorization.k8s.io/v1
  28 kind: ClusterRoleBinding
  29 metadata:
  30   name: webhook-app
  31 roleRef:
  32   apiGroup: rbac.authorization.k8s.io
  33   kind: ClusterRole
  34   name: cluster-admin
  35 subjects:
  36   - kind: ServiceAccount
  37     name: webhook-app
  38     namespace: default
  39 ---
  40 apiVersion: apps/v1
  41 kind: Deployment
  42 metadata:
  43   name: jwt-proxy-admission-controller-deployment
  44   namespace: default
  45   labels:
  46     app: jwt-proxy-admission-controller
  47     app.kubernetes.io/instance: jwt-proxy-admission-controller
  48     app.kubernetes.io/name: jwt-proxy-admission-controller
  49 spec:
  50   selector:
  51     matchLabels:
  52       app: jwt-proxy-admission-controller
  53   template:
  54     metadata:
  55       labels:
  56         app: jwt-proxy-admission-controller
  57         version: v1
  58         app.kubernetes.io/instance: jwt-proxy-admission-controller
  59         app.kubernetes.io/name: jwt-proxy-admission-controller
  60     spec:
  61       serviceAccountName: webhook-app
  62       containers:
  63       - name: jwt-proxy-admission-controller
  64         image: ktimoney/rapps-webhook
  65         imagePullPolicy: IfNotPresent
  66         command: ["/app/rapps-webhook"]
  67         args: [
  68                 "-port", "8443",
  69                 "-tlsCertFile", "/certs/tls.crt",
  70                 "-tlsKeyFile", "/certs/tls.key",
  71                 "-secret", "cm-keycloak-client-certs",
  72               ]
  73         ports:
  74         - containerPort: 8443
  75         resources:
  76           limits:
  77             memory: 256Mi
  78             cpu: "250m"
  79           requests:
  80             memory: 128Mi
  81             cpu: "80m"
  82         volumeMounts:
  83           - readOnly: true
  84             mountPath: /certs
  85             name: webhook-cert
  86       volumes:
  87         - name: webhook-cert
  88           secret:
  89             secretName: cm-webhook-server-certs
  90   replicas: 1
  91 ---
  92 apiVersion: v1
  93 kind: Service
  94 metadata:
  95   name: jwt-proxy-admission-controller
  96   namespace: default
  97   labels:
  98     app: jwt-proxy-admission-controller
  99     app.kubernetes.io/instance: jwt-proxy-admission-controller
 100     app.kubernetes.io/name: jwt-proxy-admission-controller
 101 spec:
 102   selector:
 103     app: jwt-proxy-admission-controller
 104   ports:
 105     - protocol: TCP
 106       port: 443
 107       targetPort: 8443
 108       nodePort: 30570
 109   type: NodePort
 110 ---