1 #
2 # ============LICENSE_START=======================================================
3 #  Copyright (C) 2022-2023 Nordix Foundation.
4 # ================================================================================
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 #      http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16 #
17 # SPDX-License-Identifier: Apache-2.0
18 # ============LICENSE_END=========================================================
19 #
---
# Identity used by the admission-webhook pod; the Deployment in this file
# selects it through serviceAccountName.
# NOTE(review): this file also binds the account to cluster-admin, so its
# token must be treated like a cluster-administrator credential.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: webhook-app
---
# Binds the webhook-app ServiceAccount (namespace default) to the built-in
# cluster-admin ClusterRole.
# NOTE(review): cluster-admin grants unrestricted access to every resource in
# every namespace, so anything that obtains this pod's service-account token
# controls the whole cluster. The only API object this manifest shows the
# webhook being pointed at is the secret named by its -secret argument; a
# namespaced Role/RoleBinding limited to what the webhook actually reads would
# follow least privilege. Confirm the required verbs against the webhook
# source before narrowing.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: webhook-app
subjects:
  - kind: ServiceAccount
    namespace: default
    name: webhook-app
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
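---
# Runs the rapps-webhook admission controller as a single replica, serving TLS
# on container port 8443 with the key pair mounted from the
# cm-webhook-server-certs secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: jwt-proxy-admission-controller-deployment
  namespace: default
  labels:
    app: jwt-proxy-admission-controller
    app.kubernetes.io/instance: jwt-proxy-admission-controller
    app.kubernetes.io/name: jwt-proxy-admission-controller
spec:
  # NOTE(review): with one replica the webhook is unavailable during restarts;
  # what happens to admission requests then depends on the webhook
  # configuration's failurePolicy, which is not part of this file.
  replicas: 1
  selector:
    matchLabels:
      app: jwt-proxy-admission-controller
  template:
    metadata:
      labels:
        app: jwt-proxy-admission-controller
        version: v1
        app.kubernetes.io/instance: jwt-proxy-admission-controller
        app.kubernetes.io/name: jwt-proxy-admission-controller
    spec:
      # This account is bound to cluster-admin elsewhere in this file, which
      # makes container hardening here more important than usual.
      serviceAccountName: webhook-app
      containers:
        - name: jwt-proxy-admission-controller
          # NOTE(review): the image has no tag or digest, so it resolves to a
          # mutable "latest" from a personal registry namespace, and
          # IfNotPresent means nodes may run different cached builds. Pin it,
          # e.g. ktimoney/rapps-webhook@sha256:<DIGEST-PLACEHOLDER>.
          image: ktimoney/rapps-webhook
          imagePullPolicy: IfNotPresent
          command:
            - /app/rapps-webhook
          args:
            - "-port"
            - "8443"
            - "-tlsCertFile"
            - "/certs/tls.crt"
            - "-tlsKeyFile"
            - "/certs/tls.key"
            # Name of a secret handed to the webhook; presumably read through
            # the Kubernetes API with the service account — confirm.
            - "-secret"
            - "cm-keycloak-client-certs"
          # Baseline hardening: the process listens on an unprivileged port
          # (8443), so it needs neither extra capabilities nor privilege
          # escalation.
          # TODO(review): also set runAsNonRoot and readOnlyRootFilesystem
          # once the image's user and write paths have been checked.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - containerPort: 8443
          resources:
            limits:
              memory: 256Mi
              cpu: "250m"
            requests:
              memory: 128Mi
              cpu: "80m"
          volumeMounts:
            # TLS certificate and private key; mounted read-only.
            - name: webhook-cert
              mountPath: /certs
              readOnly: true
      volumes:
        - name: webhook-cert
          secret:
            secretName: cm-webhook-server-certs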
---
# Exposes the webhook pods (selected by the app label) on service port 443,
# forwarding to container port 8443.
# NOTE(review): type NodePort additionally publishes the webhook's TLS endpoint
# on port 30570 of every node. If the API server reaches the webhook through
# this in-cluster Service, ClusterIP would be enough and would keep the
# admission endpoint off the node network. Confirm how the webhook
# configuration references this endpoint before changing it.
apiVersion: v1
kind: Service
metadata:
  name: jwt-proxy-admission-controller
  namespace: default
  labels:
    app: jwt-proxy-admission-controller
    app.kubernetes.io/instance: jwt-proxy-admission-controller
    app.kubernetes.io/name: jwt-proxy-admission-controller
spec:
  type: NodePort
  selector:
    app: jwt-proxy-admission-controller
  ports:
    - protocol: TCP
      port: 443
      targetPort: 8443
      nodePort: 30570
110 ---