unpack obscpio files

2024-10-22 10:51:51 +03:00
parent beab68c274
commit 21086b77bb
182 changed files with 15763 additions and 0 deletions
--- a/metallb-chart/charts/frr-k8s/templates/webhooks.yaml
+++ b/metallb-chart/charts/frr-k8s/templates/webhooks.yaml
@@ -0,0 +1,163 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "frrk8s.fullname" . }}-webhook-server
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "frrk8s.labels" . | nindent 4 }}
+    app.kubernetes.io/component: frr-k8s-webhook-server
+    {{- range $key, $value := .Values.frrk8s.labels }}
+    {{ $key }}: {{ $value | quote }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: frr-k8s-webhook-server
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: frr-k8s-webhook-server
+      labels:
+        app.kubernetes.io/component: frr-k8s-webhook-server
+    spec:
+      {{- if .Values.frrk8s.runtimeClassName }}
+      runtimeClassName: {{ .Values.frrk8s.runtimeClassName }}
+      {{- end }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
+      containers:
+      - command:
+        - /frr-k8s
+        args:
+        {{- with .Values.frrk8s.logLevel }}
+        - --log-level={{ . }}
+        {{- end }}
+        - "--webhook-mode=onlywebhook"
+        {{- if .Values.frrk8s.disableCertRotation }}
+        - "--disable-cert-rotation=true"
+        {{- end }}
+        {{- if .Values.frrk8s.restartOnRotatorSecretRefresh }}
+        - "--restart-on-rotator-secret-refresh=true"
+        {{- end }}
+        - "--namespace=$(NAMESPACE)"
+        - --health-probe-bind-address=:8081
+        env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: {{ .Values.frrk8s.image.repository }}:{{ .Values.frrk8s.image.tag | default .Chart.AppVersion }}
+        {{- if .Values.frrk8s.image.pullPolicy }}
+        imagePullPolicy: {{ .Values.frrk8s.image.pullPolicy }}
+        {{- end }}
+        name: frr-k8s-webhook-server
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          readOnlyRootFilesystem: true
+        {{- if .Values.frrk8s.livenessProbe.enabled }}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }}
+          failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }}
+        {{- end }}
+        {{- if .Values.frrk8s.readinessProbe.enabled }}
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }}
+          failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }}
+        {{- end }}
+        {{- with .Values.frrk8s.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        volumeMounts:
+        - name: cert
+          mountPath: /tmp/k8s-webhook-server/serving-certs
+          readOnly: true
+      {{- with .Values.frrk8s.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if or .Values.frrk8s.tolerateMaster .Values.frrk8s.tolerations }}
+      tolerations:
+      {{- if .Values.frrk8s.tolerateMaster }}
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+        operator: Exists
+      - key: node-role.kubernetes.io/control-plane
+        effect: NoSchedule
+        operator: Exists
+      {{- end }}
+      {{- with .Values.frrk8s.tolerations }}
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- end }}
+      {{- with .Values.frrk8s.priorityClassName }}
+      priorityClassName: {{ . | quote }}
+      {{- end }}
+      volumes:
+        - name: cert
+          secret:
+            defaultMode: 420
+            secretName: frr-k8s-webhook-server-cert
+      serviceAccountName: {{ template "frrk8s.serviceAccountName" . }}
+      terminationGracePeriodSeconds: 10
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: frr-k8s-webhook-server-cert
+  namespace: {{ .Release.Namespace | quote }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: frr-k8s-webhook-service
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  ports:
+  - port: 443
+    targetPort: 9443
+  selector:
+    app.kubernetes.io/component: frr-k8s-webhook-server
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: frr-k8s-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: frr-k8s-webhook-service
+      namespace: {{ .Release.Namespace }}
+      path: /validate-frrk8s-metallb-io-v1beta1-frrconfiguration
+  failurePolicy: {{ .Values.crds.validationFailurePolicy }}
+  name: frrconfigurationsvalidationwebhook.metallb.io
+  rules:
+  - apiGroups:
+    - frrk8s.metallb.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - frrconfigurations
+  sideEffects: None