Skip to content

Commit

Permalink
Helm updates to add autoAnnotationConfig and Namespace/Workload Webhooks
Browse files Browse the repository at this point in the history
  • Loading branch information
sky333999 committed Feb 9, 2024
1 parent 0bb89bd commit 1372fcf
Show file tree
Hide file tree
Showing 5 changed files with 135 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,66 @@ webhooks:
- pods
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-namespace
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
name: mnamespace.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- namespaces
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-workload
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
name: mworkload.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- daemonsets
- deployments
- statefulsets
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand Down
62 changes: 62 additions & 0 deletions helm/templates/admission-webhooks/operator-webhook.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,68 @@ webhooks:
- pods
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-namespace
caBundle: {{ $ca.Cert | b64enc }}
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
name: mnamespace.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- namespaces
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
- admissionReviewVersions:
- v1
clientConfig:
service:
name: {{ template "amazon-cloudwatch-observability.webhookServiceName" . }}
namespace: {{ .Release.Namespace }}
path: /mutate-v1-workload
caBundle: {{ $ca.Cert | b64enc }}
failurePolicy: {{ .Values.admissionWebhooks.pods.failurePolicy }}
name: mworkload.kb.io
{{- if .Values.admissionWebhooks.namespaceSelector }}
namespaceSelector:
{{- toYaml .Values.admissionWebhooks.namespaceSelector | nindent 6 }}
{{- end }}
{{- if .Values.admissionWebhooks.objectSelector }}
objectSelector:
{{- toYaml .Values.admissionWebhooks.objectSelector | nindent 6 }}
{{- end }}
rules:
- apiGroups:
- apps
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- daemonsets
- deployments
- statefulsets
sideEffects: None
timeoutSeconds: {{ .Values.admissionWebhooks.timeoutSeconds }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand Down
2 changes: 1 addition & 1 deletion helm/templates/operator-clusterrole.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ rules:
verbs: [ "create", "patch" ]
- apiGroups: [ "" ]
resources: [ "namespaces" ]
verbs: [ "list","watch" ]
verbs: [ "get","list","patch","update","watch" ]
- apiGroups: [ "" ]
resources: [ "serviceaccounts" ]
verbs: [ "create","delete","get","list","patch","update","watch" ]
Expand Down
1 change: 1 addition & 0 deletions helm/templates/operator-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ spec:
containers:
- image: {{ template "cloudwatch-agent-operator.image" . }}
args:
- {{ printf "--auto-annotation-config=%s" (.Values.manager.autoAnnotation | toJson) | quote }}
- "--auto-instrumentation-java-image={{ .Values.manager.autoInstrumentationImage.java.repository }}:{{ .Values.manager.autoInstrumentationImage.java.tag }}"
- "--auto-instrumentation-python-image={{ .Values.manager.autoInstrumentationImage.python.repository }}:{{ .Values.manager.autoInstrumentationImage.python.tag }}"
command:
Expand Down
11 changes: 11 additions & 0 deletions helm/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,17 @@ manager:
python:
repository: ghcr.io/open-telemetry/opentelemetry-operator/autoinstrumentation-python
tag: 0.43b0
autoAnnotation:
java:
namespaces: [ ]
deployments: [ ]
daemonsets: [ ]
statefulsets: [ ]
python:
namespaces: [ ]
deployments: [ ]
daemonsets: [ ]
statefulsets: [ ]
ports:
containerPort: 9443
metricsPort: 8080
Expand Down

0 comments on commit 1372fcf

Please sign in to comment.