项目重构

2024-11-28 16:42:36 +08:00
parent a31ae1055a
commit c9f69d595e
822 changed files with 4 additions and 3091 deletions
--- a/0-部署应用/Oracle-Cloud/cert-manager/cert-manager-1.6.1/templates/webhook-validating-webhook.yaml
+++ b/0-部署应用/Oracle-Cloud/cert-manager/cert-manager-1.6.1/templates/webhook-validating-webhook.yaml
@@ -0,0 +1,63 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: {{ include "webhook.fullname" . }}
+  labels:
+    app: {{ include "webhook.name" . }}
+    app.kubernetes.io/name: {{ include "webhook.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "webhook"
+    {{- include "labels" . | nindent 4 }}
+  annotations:
+    cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca"
+  {{- if .Values.webhook.validatingWebhookConfigurationAnnotations }}
+{{ toYaml .Values.webhook.validatingWebhookConfigurationAnnotations | indent 4 }}
+  {{- end }}
+webhooks:
+  - name: webhook.cert-manager.io
+    namespaceSelector:
+      matchExpressions:
+      - key: "cert-manager.io/disable-validation"
+        operator: "NotIn"
+        values:
+        - "true"
+      - key: "name"
+        operator: "NotIn"
+        values:
+        - {{ .Release.Namespace }}
+    rules:
+      - apiGroups:
+          - "cert-manager.io"
+          - "acme.cert-manager.io"
+        apiVersions:
+          - "v1"
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - "*/*"
+    # We don't actually support `v1beta1` but is listed here as it is a
+    # required value for
+    # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025).
+    # The API server reads the supported versions in order, so _should always_
+    # attempt a `v1` request which is understood by the cert-manager webhook.
+    # Any `v1beta1` request will return an error and fail closed for that
+    # resource (the whole object request is rejected). When we no longer
+    # support v1.16 we can remove `v1beta1` from this list.
+    admissionReviewVersions: ["v1", "v1beta1"]
+    # This webhook only accepts v1 cert-manager resources.
+    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
+    # this webhook (after the resources have been converted to v1).
+    matchPolicy: Equivalent
+    timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
+    failurePolicy: Fail
+    sideEffects: None
+    clientConfig:
+      {{- if .Values.webhook.url.host }}
+      url: https://{{ .Values.webhook.url.host }}/validate
+      {{- else }}
+      service:
+        name: {{ template "webhook.fullname" . }}
+        namespace: {{ .Release.Namespace | quote }}
+        path: /validate
+      {{- end }}