
Commit 8815241

exclude openshift namespaces via regex
Signed-off-by: Zahar Pecherichny <[email protected]>
1 parent a0351d2 commit 8815241


4 files changed

+223
-210
lines changed

Lines changed: 107 additions & 104 deletions
@@ -1,104 +1,107 @@
1-
{{- if .Values.ha.enabled }}
2-
apiVersion: apps/v1
3-
kind: Deployment
4-
metadata:
5-
labels:
6-
control-plane: controller-manager
7-
name: {{ include "hnc.fullname" . }}-controller-manager-ha
8-
namespace: {{ include "hnc.namespace" . }}
9-
spec:
10-
replicas: 3
11-
selector:
12-
matchLabels:
13-
control-plane: controller-manager-ha
14-
template:
15-
metadata:
16-
annotations:
17-
prometheus.io/scrape: "true"
18-
labels:
19-
control-plane: controller-manager-ha
20-
spec:
21-
containers:
22-
- args:
23-
{{- if .Values.hrq.enabled }}
24-
- --enable-hrq
25-
{{- end }}
26-
{{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
27-
- --excluded-namespace={{ $hncExcludeNamespace }}
28-
{{- end }}
29-
- --webhook-server-port=9443
30-
- --metrics-addr=:8080
31-
- --max-reconciles=10
32-
- --apiserver-qps-throttle=50
33-
- --nopropagation-label=cattle.io/creator=norman
34-
- --webhooks-only
35-
command:
36-
- /manager
37-
image: {{ .Values.image.repository }}:{{ .Values.image.tag | default "hnc-manager:latest" }}
38-
livenessProbe:
39-
failureThreshold: 1
40-
httpGet:
41-
path: /healthz
42-
port: 8081
43-
periodSeconds: 10
44-
name: manager
45-
ports:
46-
- containerPort: 9443
47-
name: webhook-server
48-
protocol: TCP
49-
- containerPort: 8080
50-
name: metrics
51-
protocol: TCP
52-
- containerPort: 8081
53-
name: healthz
54-
protocol: TCP
55-
readinessProbe:
56-
httpGet:
57-
path: /readyz
58-
port: 8081
59-
periodSeconds: 5
60-
securityContext:
61-
allowPrivilegeEscalation: false
62-
capabilities:
63-
drop:
64-
- ALL
65-
readOnlyRootFilesystem: true
66-
runAsNonRoot: true
67-
seccompProfile:
68-
type: RuntimeDefault
69-
startupProbe:
70-
failureThreshold: 100
71-
httpGet:
72-
path: /readyz
73-
port: 8081
74-
periodSeconds: 5
75-
volumeMounts:
76-
- mountPath: /tmp/k8s-webhook-server/serving-certs
77-
name: cert
78-
readOnly: true
79-
{{- with .Values.imagePullPolicy }}
80-
imagePullPolicy: {{ .Values.image.imagePullPolicy }}
81-
{{- end }}
82-
{{- with .Values.ha.manager.resources }}
83-
resources: {{- toYaml . | nindent 12}}
84-
{{- end }}
85-
securityContext:
86-
fsGroup: 2000
87-
runAsNonRoot: true
88-
runAsUser: 1000
89-
terminationGracePeriodSeconds: 10
90-
volumes:
91-
- name: cert
92-
secret:
93-
defaultMode: 420
94-
secretName: {{ include "hnc.fullname" . }}-webhook-server-cert
95-
{{- with .Values.ha.manager.nodeSelector }}
96-
nodeSelector: {{- toYaml . | nindent 8}}
97-
{{- end }}
98-
{{- with .Values.ha.manager.affinity }}
99-
affinity: {{- toYaml . | nindent 8}}
100-
{{- end }}
101-
{{- with .Values.ha.manager.tolerations }}
102-
tolerations: {{- toYaml . | nindent 8}}
103-
{{- end }}
104-
{{- end }}
1+
{{- if .Values.ha.enabled }}
2+
apiVersion: apps/v1
3+
kind: Deployment
4+
metadata:
5+
labels:
6+
control-plane: controller-manager
7+
name: {{ include "hnc.fullname" . }}-controller-manager-ha
8+
namespace: {{ include "hnc.namespace" . }}
9+
spec:
10+
replicas: 3
11+
selector:
12+
matchLabels:
13+
control-plane: controller-manager-ha
14+
template:
15+
metadata:
16+
annotations:
17+
prometheus.io/scrape: "true"
18+
labels:
19+
control-plane: controller-manager-ha
20+
spec:
21+
containers:
22+
- args:
23+
{{- if .Values.hrq.enabled }}
24+
- --enable-hrq
25+
{{- end }}
26+
{{- if $hncIncludeNamespacesRegex}}
27+
- --included-namespace-regex={{ $hncIncludeNamespacesRegex }}
28+
{{- end }}
29+
{{- range $hncExcludeNamespace := .Values.hncExcludeNamespaces}}
30+
- --excluded-namespace={{ $hncExcludeNamespace }}
31+
{{- end }}
32+
- --webhook-server-port=9443
33+
- --metrics-addr=:8080
34+
- --max-reconciles=10
35+
- --apiserver-qps-throttle=50
36+
- --nopropagation-label=cattle.io/creator=norman
37+
- --webhooks-only
38+
command:
39+
- /manager
40+
image: {{ .Values.image.repository }}:{{ .Values.image.tag | default "hnc-manager:latest" }}
41+
livenessProbe:
42+
failureThreshold: 1
43+
httpGet:
44+
path: /healthz
45+
port: 8081
46+
periodSeconds: 10
47+
name: manager
48+
ports:
49+
- containerPort: 9443
50+
name: webhook-server
51+
protocol: TCP
52+
- containerPort: 8080
53+
name: metrics
54+
protocol: TCP
55+
- containerPort: 8081
56+
name: healthz
57+
protocol: TCP
58+
readinessProbe:
59+
httpGet:
60+
path: /readyz
61+
port: 8081
62+
periodSeconds: 5
63+
securityContext:
64+
allowPrivilegeEscalation: false
65+
capabilities:
66+
drop:
67+
- ALL
68+
readOnlyRootFilesystem: true
69+
runAsNonRoot: true
70+
seccompProfile:
71+
type: RuntimeDefault
72+
startupProbe:
73+
failureThreshold: 100
74+
httpGet:
75+
path: /readyz
76+
port: 8081
77+
periodSeconds: 5
78+
volumeMounts:
79+
- mountPath: /tmp/k8s-webhook-server/serving-certs
80+
name: cert
81+
readOnly: true
82+
{{- with .Values.imagePullPolicy }}
83+
imagePullPolicy: {{ .Values.image.imagePullPolicy }}
84+
{{- end }}
85+
{{- with .Values.ha.manager.resources }}
86+
resources: {{- toYaml . | nindent 12}}
87+
{{- end }}
88+
securityContext:
89+
fsGroup: 2000
90+
runAsNonRoot: true
91+
runAsUser: 1000
92+
terminationGracePeriodSeconds: 10
93+
volumes:
94+
- name: cert
95+
secret:
96+
defaultMode: 420
97+
secretName: {{ include "hnc.fullname" . }}-webhook-server-cert
98+
{{- with .Values.ha.manager.nodeSelector }}
99+
nodeSelector: {{- toYaml . | nindent 8}}
100+
{{- end }}
101+
{{- with .Values.ha.manager.affinity }}
102+
affinity: {{- toYaml . | nindent 8}}
103+
{{- end }}
104+
{{- with .Values.ha.manager.tolerations }}
105+
tolerations: {{- toYaml . | nindent 8}}
106+
{{- end }}
107+
{{- end }}
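Review bot: `$hncIncludeNamespacesRegex` is read at new lines 26–27, but nothing in this template (new lines 1–107) assigns it, and Go template variables are local to the template that declares them, so rendering with `ha.enabled` set would be expected to fail with an undefined-variable error. Declare it before the first use, e.g. `{{- $hncIncludeNamespacesRegex := <SAME_EXPRESSION_AS_THE_OTHER_TEMPLATES> }}` (the source of the value is not shown on this page). Because the pattern is user-supplied and decides which namespaces the webhooks cover, the argument should also be emitted as a quoted scalar so regex metacharacters cannot alter the YAML, for instance `- {{ printf "--included-namespace-regex=%s" $hncIncludeNamespacesRegex | quote }}`. The same quoting would apply to `--excluded-namespace={{ $hncExcludeNamespace }}` at new line 30.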
