hyper-v-mutator

hyper-v-mutator.yaml

apiVersion: v1
kind: Namespace
metadata:
  labels:
    control-plane: controller-manager
  name: hyper-v-mutator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: hyper-v-mutator-leader-election-role
  namespace: hyper-v-mutator-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: hyper-v-mutator-manager-role
rules:
- apiGroups:
  - windows.windows.k8s.io
  resources:
  - hypervs
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - windows.windows.k8s.io
  resources:
  - hypervs/status
  verbs:
  - get
  - patch
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hyper-v-mutator-proxy-role
rules:
- apiGroups:
  - authentication.k8s.io
  resources:
  - tokenreviews
  verbs:
  - create
- apiGroups:
  - authorization.k8s.io
  resources:
  - subjectaccessreviews
  verbs:
  - create
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: hyper-v-mutator-metrics-reader
rules:
- nonResourceURLs:
  - /metrics
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: hyper-v-mutator-leader-election-rolebinding
  namespace: hyper-v-mutator-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: hyper-v-mutator-leader-election-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: hyper-v-mutator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hyper-v-mutator-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: hyper-v-mutator-manager-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: hyper-v-mutator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: hyper-v-mutator-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: hyper-v-mutator-proxy-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: hyper-v-mutator-system
---
apiVersion: v1
kind: Service
metadata:
  labels:
    control-plane: controller-manager
  name: hyper-v-mutator-controller-manager-metrics-service
  namespace: hyper-v-mutator-system
spec:
  ports:
  - name: https
    port: 8443
    targetPort: https
  selector:
    control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
  name: hyper-v-mutator-webhook-service
  namespace: hyper-v-mutator-system
spec:
  ports:
  - port: 443
    targetPort: 9443
  selector:
    control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    control-plane: controller-manager
  name: hyper-v-mutator-controller-manager
  namespace: hyper-v-mutator-system
spec:
  replicas: 1
  selector:
    matchLabels:
      control-plane: controller-manager
  template:
    metadata:
      labels:
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --secure-listen-address=0.0.0.0:8443
        - --upstream=http://127.0.0.1:8080/
        - --logtostderr=true
        - --v=10
        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
        name: kube-rbac-proxy
        ports:
        - containerPort: 8443
          name: https
      - args:
        - --metrics-addr=127.0.0.1:8080
        - --enable-leader-election
        command:
        - /manager
        image: jsturtevant/hyperv-webhook:latest
        imagePullPolicy: Always
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: hyper-v-mutator-serving-cert
  namespace: hyper-v-mutator-system
spec:
  dnsNames:
  - hyper-v-mutator-webhook-service.hyper-v-mutator-system.svc
  - hyper-v-mutator-webhook-service.hyper-v-mutator-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: hyper-v-mutator-selfsigned-issuer
  secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: hyper-v-mutator-selfsigned-issuer
  namespace: hyper-v-mutator-system
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: hyper-v-mutator-system/hyper-v-mutator-serving-cert
  creationTimestamp: null
  name: hyper-v-mutator-mutating-webhook-configuration
webhooks:
- clientConfig:
    caBundle: Cg==
    service:
      name: hyper-v-mutator-webhook-service
      namespace: hyper-v-mutator-system
      path: /mutate-v1-pod
  failurePolicy: Fail
  name: mpod.kb.io
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - pods