diff --git a/deployments/custom-installation/deployManager.yaml b/deployments/custom-installation/deployManager.yaml
index 5d9ff99764c358ebd3006a156e210b9eec97699d..0a6f2684a1fe32861d523fe84e1887bbc2e6e44a 100644
--- a/deployments/custom-installation/deployManager.yaml
+++ b/deployments/custom-installation/deployManager.yaml
@@ -18638,6 +18638,44 @@ kind: ClusterRole
 metadata:
   name: l2sm-manager-role
 rules:
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - l2sm.l2sm.k8s.local
   resources:
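Review bot: The new core-group rule gives `l2sm-manager-role` the verbs `create`, `delete`, `patch` and `update` on `pods` in a ClusterRole. If that role is bound through a ClusterRoleBinding (the binding is not in this hunk), the manager service account can start or remove pods in every namespace, kube-system included. Pod `create` in a namespace amounts to running a workload under any service account of that namespace, so the list should hold only the verbs the controller actually calls; if it only reads and annotates pods, `get`, `list`, `watch` and `patch` are enough. The same applies to the `pods/status` `patch`/`update` rule and the write verbs on `apps` `replicasets` added just above. The labels say the file is kustomize-managed, so the narrowing probably belongs in the RBAC markers that generate it. If the full set is needed, record why there with a comment such as `# pods write verbs required by <controller>: <reason>`.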
@@ -18716,6 +18754,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - l2sm.l2sm.k8s.local
+  resources:
+  - replicasets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
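Review bot: This rule grants every write verb on `replicasets` in the `l2sm.l2sm.k8s.local` group, but ReplicaSets are served from `apps`, which the first hunk of this commit already covers. Unless the project defines its own `replicasets` resource in that group (none is visible in this diff), the rule matches nothing today and would silently authorize any future resource of that name. It looks like an RBAC marker written with the wrong group value. I would drop the rule, or correct the marker so that only the `apps` entry is generated.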
@@ -18842,6 +18892,26 @@ spec:
   selector:
     control-plane: controller-manager
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: webhook
+    app.kubernetes.io/created-by: controllermanager
+    app.kubernetes.io/instance: webhook-service
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: service
+    app.kubernetes.io/part-of: controllermanager
+  name: l2sm-webhook-service
+  namespace: l2sm-system
+spec:
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 9443
+  selector:
+    control-plane: controller-manager
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -18868,29 +18938,6 @@ spec:
         control-plane: controller-manager
     spec:
       containers:
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=0
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-          protocol: TCP
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
       - args:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
@@ -18900,14 +18947,19 @@ spec:
         env:
         - name: CONTROLLER_IP
           value: l2sm-controller-service.default.svc.cluster.local
-        image: alexdecb/l2sm-controller-manager:2.4
+        - name: CONTROLLER_PORT
+        image: alexdecb/l2sm-controller-manager:2.5
         livenessProbe:
           httpGet:
             path: /healthz
-            port: 8081
+            port: 31043
           initialDelaySeconds: 15
           periodSeconds: 20
         name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
         readinessProbe:
           httpGet:
             path: /readyz
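Review bot: The liveness probe now targets port `31043`, while the manager container is started with `--health-probe-bind-address=:8081` in the args shown as context in the preceding hunk. Unless an argument outside the visible lines moves the listener, `/healthz` will not answer on the probed port and the kubelet will keep restarting the container. The added `- name: CONTROLLER_PORT` entry also has no `value`, so the variable is set to an empty string; `31043` may have been meant as that value rather than as the probe port, though that is only a guess from the diff. Suggested: `port: 8081` on the probe and an explicit quoted `value: "<controller-port>"` on the env entry. The readiness probe continues past the end of this hunk, so its port should be checked for the same mismatch.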
@@ -18926,9 +18978,111 @@ spec:
           capabilities:
             drop:
             - ALL
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=0
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
       securityContext:
         runAsNonRoot: true
       serviceAccountName: l2sm-controller-manager
       terminationGracePeriodSeconds: 10
-
-        
\ No newline at end of file
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app.kubernetes.io/component: certificate
+    app.kubernetes.io/created-by: controllermanager
+    app.kubernetes.io/instance: serving-cert
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: certificate
+    app.kubernetes.io/part-of: controllermanager
+  name: l2sm-serving-cert
+  namespace: l2sm-system
+spec:
+  dnsNames:
+  - l2sm-webhook-service.l2sm-system.svc
+  - l2sm-webhook-service.l2sm-system.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: l2sm-selfsigned-issuer
+  secretName: webhook-server-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    app.kubernetes.io/component: certificate
+    app.kubernetes.io/created-by: controllermanager
+    app.kubernetes.io/instance: serving-cert
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: certificate
+    app.kubernetes.io/part-of: controllermanager
+  name: l2sm-selfsigned-issuer
+  namespace: l2sm-system
+spec:
+  selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: l2sm-system/l2sm-serving-cert
+  labels:
+    app.kubernetes.io/component: webhook
+    app.kubernetes.io/created-by: controllermanager
+    app.kubernetes.io/instance: mutating-webhook-configuration
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: mutatingwebhookconfiguration
+    app.kubernetes.io/part-of: controllermanager
+  name: l2sm-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    caBundle: ""
+    service:
+      name: l2sm-webhook-service
+      namespace: l2sm-system
+      path: /mutate-v1-pod
+  failurePolicy: Ignore
+  name: mpod.kb.io
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pods
+  sideEffects: None
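Review bot: The `mpod.kb.io` webhook is registered for CREATE and UPDATE of every pod in the cluster with no `namespaceSelector` or `objectSelector`, so pods in kube-system and in the manager's own namespace are also sent to `/mutate-v1-pod`. With `failurePolicy: Ignore` an unavailable webhook does not block pod creation, but the mutation is then skipped silently, and every pod write still waits on the call up to the default timeout. Narrowing the scope keeps control-plane pods out of the mutating path and limits what the manager can rewrite if it is ever compromised. The sketch below excludes the two namespaces; an opt-in label matched by `objectSelector` would be tighter if workloads can be labelled.

```yaml
  failurePolicy: Ignore
  name: mpod.kb.io
  namespaceSelector:
    matchExpressions:
    - key: kubernetes.io/metadata.name
      operator: NotIn
      values:
      - kube-system
      - l2sm-system
  # … unchanged: rules, sideEffects …
```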