You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47 lines
1.2 KiB
47 lines
1.2 KiB
# This overlay uses CertManager to provision a certificate for the
|
|
# PodDefaults admission controller. This is preferred over the old
|
|
# way of using "bootstrap" which was running a shell script to create
|
|
# the certificate.
|
|
# TODO(jlewi): We should eventually refactor the manifests to delete
|
|
# bootstrap and use certmanager by default.
|
|
bases:
|
|
- ../../base
|
|
|
|
resources:
|
|
- certificate.yaml
|
|
|
|
namespace: kubeflow
|
|
|
|
namePrefix: admission-webhook-
|
|
|
|
commonLabels:
|
|
app: poddefaults
|
|
kustomize.component: poddefaults
|
|
app.kubernetes.io/component: poddefaults
|
|
app.kubernetes.io/name: poddefaults
|
|
|
|
patchesStrategicMerge:
|
|
- mutating-webhook-configuration.yaml
|
|
- deployment.yaml
|
|
|
|
generatorOptions:
|
|
disableNameSuffixHash: true
|
|
|
|
vars:
|
|
# These vars are used to substitute in the namespace, service name and
|
|
# deployment name into the mutating WebHookConfiguration.
|
|
# Since its a CR kustomize isn't aware of those fields and won't
|
|
# transform them.
|
|
# We need the var names to be relatively unique so that when we
|
|
# compose with other applications they won't conflict.
|
|
- name: podDefaultsCertName
|
|
objref:
|
|
kind: Certificate
|
|
group: cert-manager.io
|
|
version: v1
|
|
name: cert
|
|
fieldref:
|
|
fieldpath: metadata.name
|
|
|
|
configurations:
|
|
- params.yaml
|
|
|