Merge pull request #4159 from yuswift/remove-webhook-file

Remove the config/webhook, config/samples, config/servicemesh, config/rbac and config/default directories
KubeSphere CI Bot
2021-08-19 14:10:09 +08:00
committed by GitHub
41 changed files with 0 additions and 947 deletions


@@ -1,49 +0,0 @@
# Add namespace to all resources.
namespace: t-system
# Value of this field is prepended to the
# names of all resources, e.g. a deployment named
# "wordpress" becomes "alices-wordpress".
# Note that it should also match with the prefix (text before '-') of the namespace
# field above.
namePrefix: t-
# Labels to add to all resources and selectors.
#commonLabels:
# someName: someValue
# Each entry in this list must resolve to an existing
# resource definition in YAML. These are the resource
# files that kustomize reads, modifies and emits as a
# YAML string, with resources separated by document
# markers ("---").
resources:
- ../rbac/rbac_role.yaml
- ../rbac/rbac_role_binding.yaml
- ../manager/manager.yaml
# Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint.
#- ../rbac/auth_proxy_service.yaml
#- ../rbac/auth_proxy_role.yaml
#- ../rbac/auth_proxy_role_binding.yaml
patches:
- manager_image_patch.yaml
# Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
- manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
vars:
- name: WEBHOOK_SECRET_NAME
objref:
kind: Secret
name: webhook-server-secret
apiVersion: v1


@@ -1,24 +0,0 @@
# This patch injects a sidecar container which is an HTTP proxy for the controller manager.
# It performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: quay.io/coreos/kube-rbac-proxy:v0.4.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https
- name: manager
args:
- "--metrics-addr=127.0.0.1:8080"


@@ -1,12 +0,0 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
# Change the value of image field below to your controller image URL
- image: kubespheredev/controller-manager:latest
name: manager


@@ -1,19 +0,0 @@
# This patch enables Prometheus scraping for the manager pod.
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
spec:
template:
metadata:
annotations:
prometheus.io/scrape: 'true'
spec:
containers:
# Expose the prometheus metrics on default port
- name: manager
ports:
- containerPort: 8080
name: metrics
protocol: TCP


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-aws-ebs
spec:
pluginInfo:
name: kubernetes.io/aws-ebs
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: ONLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-azure-disk
spec:
pluginInfo:
name: kubernetes.io/azure-disk
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: OFFLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-azure-file
spec:
pluginInfo:
name: kubernetes.io/azure-file
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: OFFLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-cinder
spec:
pluginInfo:
name: kubernetes.io/cinder
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: ONLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: disk-csi-qingcloud-com
spec:
pluginInfo:
name: disk.csi.qingcloud.com
version: ""
features:
topology: true
snapshot:
create: true
list: false
volume:
attach: true
clone: true
create: true
expandMode: OFFLINE
list: false
stats: true


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-gce-pd
spec:
pluginInfo:
name: kubernetes.io/gce-pd
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: ONLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-glusterfs
spec:
pluginInfo:
name: kubernetes.io/glusterfs
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: OFFLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: neonsan-csi-qingstor-com
spec:
pluginInfo:
name: neonsan.csi.qingstor.com
version: ""
features:
topology: false
snapshot:
create: true
list: false
volume:
attach: true
clone: true
create: true
expandMode: OFFLINE
list: false
stats: true


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-portworx-volume
spec:
pluginInfo:
name: kubernetes.io/portworx-volume
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: OFFLINE
snapshot:
create: false
list: false


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-rbd
spec:
pluginInfo:
name: kubernetes.io/rbd
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: false
expandMode: ONLINE
snapshot:
create: false
list: false


@@ -1,83 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: system
---
apiVersion: v1
kind: Service
metadata:
name: controller-manager-service
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
ports:
- port: 443
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: controller-manager
namespace: system
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
selector:
matchLabels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
serviceName: controller-manager-service
template:
metadata:
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
spec:
containers:
- command:
- ./controller-manager
image: kubespheredev/controller-manager:latest
imagePullPolicy: Always
name: manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SECRET_NAME
value: $(WEBHOOK_SECRET_NAME)
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/cert
name: cert
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-secret
---
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-secret
namespace: system


@@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
- tokenreviews
verbs: ["create"]
- apiGroups: ["authorization.k8s.io"]
resources:
- subjectaccessreviews
verbs: ["create"]


@@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: system


@@ -1,20 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
prometheus.io/port: "8443"
prometheus.io/scheme: https
prometheus.io/scrape: "true"
labels:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
controller-tools.k8s.io: "1.0"


@@ -1,171 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- core.kubesphere.io
resources:
- namespaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- core.kubesphere.io
resources:
- namespaces/status
verbs:
- get
- update
- patch
- apiGroups:
- core.kubesphere.io
resources:
- namespaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- core.kubesphere.io
resources:
- namespaces/status
verbs:
- get
- update
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
- deployments/status
verbs:
- get
- update
- patch
- apiGroups:
- devops.kubesphere.io
resources:
- s2ibinaries
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- devops.kubesphere.io
resources:
- s2ibinaries/status
verbs:
- get
- update
- patch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces/status
verbs:
- get
- update
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- services
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- "storage.k8s.io"
resources:
- storageclasses
verbs:
- get
- list
- watch
- apiGroups:
- "snapshot.storage.k8s.io"
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- "storage.kubesphere.io"
resources:
- storageclasscapabilities
verbs:
- create
- get
- list
- watch
- update
- patch
- delete


@@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
creationTimestamp: null
name: manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: system

54
config/rbac/role.yaml generated

@@ -1,54 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: manager-role
rules:
- apiGroups:
- crd.projectcalico.org
resources:
- clusterinformations
- felixconfigurations
- globalfelixconfigs
- globalnetworkpolicies
- globalnetworksets
- hostendpoints
- ipamblocks
- ippools
- networkpolicies
- networksets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- network.kubesphere.io
resources:
- namespacenetworkpolicies
- workspacenetworkpolicies
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tenant.kubesphere.io
resources:
- workspaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch


@@ -1,6 +0,0 @@
apiVersion: devops.kubesphere.io/v1alpha1
kind: S2iBinary
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: s2ibinary-sample


@@ -1,9 +0,0 @@
apiVersion: devops.kubesphere.io/v1alpha3
kind: DevOpsProject
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: devopsproject-sample
spec:
# Add fields here
foo: bar


@@ -1,9 +0,0 @@
apiVersion: devops.kubesphere.io/v1alpha3
kind: Pipeline
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: pipeline-sample
spec:
# Add fields here
foo: bar


@@ -1,14 +0,0 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: global-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'


@@ -1,14 +0,0 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRoleBinding
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: admin
roleRef:
apiGroup: iam.kubesphere.io/v1alpha2
kind: GlobalRole
name: global-admin
subjects:
- apiGroup: iam.kubesphere.io/v1alpha2
kind: User
name: admin


@@ -1,4 +0,0 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: Group
metadata:
name: group2


@@ -1,12 +0,0 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: GroupBinding
metadata:
name: groupbinding-sample1
groupRef:
apiGroup: rbac.authorization.k8s.io
kind: Group
name: groupdemo
users:
- user1
- user2


@@ -1,16 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
iam.kubesphere.io/group-ref: admin
name: group-group1-admin
namespace: proj2
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: group1


@@ -1,9 +0,0 @@
apiVersion: iam.kubesphere.io/v1alpha2
kind: User
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: admin
spec:
email: admin@kubesphere.io
password: P@88w0rd


@@ -1,9 +0,0 @@
apiVersion: network.kubesphere.io/v1alpha1
kind: NamespaceNetworkPolicy
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: namespacenetworkpolicy-sample
spec:
# Add fields here
foo: bar


@@ -1,9 +0,0 @@
apiVersion: servicemesh.kubesphere.io/v1alpha2
kind: ServicePolicy
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: servicepolicy-sample
spec:
# Add fields here
foo: bar


@@ -1,28 +0,0 @@
apiVersion: servicemesh.kubesphere.io/v1alpha2
kind: Strategy
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: strategy-sample
spec:
# Add fields here
type: Canary
selector:
matchLabels:
"servicemesh.kubesphere.io/type": "canary"
template:
spec:
service: "details"
principal: "v1"
hosts:
- details
http:
- route:
- destination:
host: "details"
subset: v1
weight: 60
- destination:
host: "details"
subset: v2
weight: 40


@@ -1,20 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: ProvisionerCapability
metadata:
name: kubernetes-io-no-provisioner
spec:
pluginInfo:
name: kubernetes.io/no-provisioner
version: ""
features:
topology: false
volume:
create: true
attach: true
clone: false
list: false
stats: fasle
expandMode: OFFLINE
snapshot:
create: fasle
list: false


@@ -1,18 +0,0 @@
apiVersion: storage.kubesphere.io/v1alpha1
kind: StorageClassCapability
metadata:
name: example-sc
spec:
provisioner: "csi.example.sc"
features:
topology: true
volume:
create: true
attach: true
clone: true
list: false
stats: true
expandMode: UNKNOWN
snapshot:
create: true
list: false


@@ -1,8 +0,0 @@
apiVersion: tenant.kubesphere.io/v1alpha1
kind: Workspace
metadata:
labels:
controller-tools.k8s.io: "1.0"
name: workspace-sample
spec:
manager: admin


@@ -1,25 +0,0 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: kubesphere-iam-validator
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: <caBundle>
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-email-iam-kubesphere-io-v1alpha2
failurePolicy: Fail
name: vemail.iam.kubesphere.io
rules:
- apiGroups:
- iam.kubesphere.io
apiVersions:
- v1alpha2
operations:
- CREATE
- UPDATE
resources:
- users


@@ -1,13 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: ks-controller-manager
namespace: kubesphere-system
spec:
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
app: ks-controller-manager
tier: backend


@@ -1,24 +0,0 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
creationTimestamp: null
name: kubesphere-nsnp-validate
webhooks:
- clientConfig:
caBundle: <caBundle>
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-network-kubesphere-io-v1alpha1
failurePolicy: Fail
name: validate.nsnp.kubesphere.io
rules:
- apiGroups:
- network.kubesphere.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- namespacenetworkpolicies


@@ -1,30 +0,0 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: resourcesquotas.quota.kubesphere.io
webhooks:
- admissionReviewVersions:
- v1beta1
clientConfig:
caBundle: <caBundle>
service:
name: ks-controller-manager
namespace: kubesphere-system
path: /validate-quota-kubesphere-io-v1alpha2
port: 443
failurePolicy: Ignore
matchPolicy: Exact
name: resourcesquotas.quota.kubesphere.io
namespaceSelector: {}
objectSelector: {}
rules:
- apiGroups:
- '*'
apiVersions:
- '*'
operations:
- CREATE
resources:
- pods
scope: '*'
sideEffects: None