Skip to content

Commit

Permalink
Merge pull request #1 from RedisLabs/master
Browse files Browse the repository at this point in the history
aaa
  • Loading branch information
yuvallevy2 authored Aug 4, 2020
2 parents 3838255 + 142e72d commit a445545
Show file tree
Hide file tree
Showing 28 changed files with 1,311 additions and 296 deletions.
458 changes: 245 additions & 213 deletions README.md

Large diffs are not rendered by default.

157 changes: 157 additions & 0 deletions admission.bundle.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: redis-enterprise-admission
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
rules:
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["create", "watch"]
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
subjects:
- kind: ServiceAccount
name: redis-enterprise-admission
roleRef:
kind: Role
name: redis-enterprise-admission
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
subjects:
- kind: ServiceAccount
namespace: NAMESPACE_OF_SERVICE_ACCOUNT
name: redis-enterprise-admission
roleRef:
kind: ClusterRole
name: redis-enterprise-admission
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: admission
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
app: redb-admission
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: admission-deploy
spec:
selector:
matchLabels:
app: redb-admission
template:
metadata:
labels:
app: redb-admission
spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11
command:
- /usr/local/bin/admission
args:
- '-v=0'
imagePullPolicy: Always
ports:
- containerPort: 443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 25m
memory: 256Mi
readinessProbe:
failureThreshold: 3
successThreshold: 1
periodSeconds: 30
timeoutSeconds: 10
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11
command:
- /usr/local/bin/admission
args:
- '-generate-tls'
- '-v=1'
imagePullPolicy: Always
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
limits:
cpu: 2000m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi

---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: redb-admission
webhooks:
- name: redb.admission.redislabs
failurePolicy: Fail
rules:
- apiGroups: ["app.redislabs.com"]
apiVersions: ["v1alpha1"]
operations: ["*"]
resources: ["redisenterprisedatabases"]
clientConfig:
service:
namespace: NAMESPACE_OF_SERVICE_ACCOUNT
name: admission
path: /admission
caBundle: "" # Fill in with BASE64 encoded signed cert
admissionReviewVersions: ["v1beta1"]
---
157 changes: 157 additions & 0 deletions admission.openshift.bundle.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,157 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: redis-enterprise-admission
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
rules:
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["create", "watch"]
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
subjects:
- kind: ServiceAccount
name: redis-enterprise-admission
roleRef:
kind: Role
name: redis-enterprise-admission
apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: redis-enterprise-admission
subjects:
- kind: ServiceAccount
namespace: NAMESPACE_OF_SERVICE_ACCOUNT
name: redis-enterprise-admission
roleRef:
kind: ClusterRole
name: redis-enterprise-admission
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: admission
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
app: redb-admission
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: admission-deploy
spec:
selector:
matchLabels:
app: redb-admission
template:
metadata:
labels:
app: redb-admission
spec:
serviceAccountName: redis-enterprise-admission
containers:
- name: admin
image: redislabs/operator:6.0.6-11.rhel7
command:
- /usr/local/bin/admission
args:
- '-v=0'
imagePullPolicy: Always
ports:
- containerPort: 443
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
limits:
cpu: 100m
memory: 512Mi
requests:
cpu: 25m
memory: 256Mi
readinessProbe:
failureThreshold: 3
successThreshold: 1
periodSeconds: 30
timeoutSeconds: 10
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initContainers:
- name: admin-init
image: redislabs/operator:6.0.6-11.rhel7
command:
- /usr/local/bin/admission
args:
- '-generate-tls'
- '-v=1'
imagePullPolicy: Always
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
limits:
cpu: 2000m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi

---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: redb-admission
webhooks:
- name: redb.admission.redislabs
failurePolicy: Fail
rules:
- apiGroups: ["app.redislabs.com"]
apiVersions: ["v1alpha1"]
operations: ["*"]
resources: ["redisenterprisedatabases"]
clientConfig:
service:
namespace: NAMESPACE_OF_SERVICE_ACCOUNT
name: admission
path: /admission
caBundle: "" # Fill in with BASE64 encoded signed cert
admissionReviewVersions: ["v1beta1"]
---
Loading

0 comments on commit a445545

Please sign in to comment.