move webhookconfig to separate files

Signed-off-by: Suraj Deshmukh <suraj@kinvolk.io>

assets/components/linkerd2/templates/proxy-injector-rbac.yaml

@@ -71,36 +71,3 @@ data:
   key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.proxyInjector.keyPEM)) (empty .Values.proxyInjector.keyPEM) }}
 ---
 {{- end }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: linkerd-proxy-injector-webhook-config
-  labels:
-    {{.Values.global.controllerComponentLabel}}: proxy-injector
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-webhooks:
-- name: linkerd-proxy-injector.linkerd.io
-  namespaceSelector:
-    matchExpressions:
-    - key: config.linkerd.io/admission-webhooks
-      operator: NotIn
-      values:
-      - disabled
-  clientConfig:
-    service:
-      name: linkerd-proxy-injector
-      namespace: {{ .Values.global.namespace }}
-      path: "/"
-{{- if and (.Values.proxyInjector.externalSecret) (empty .Values.proxyInjector.caBundle) }}
-  {{- fail "If proxyInjector.externalSecret is true then you need to provide proxyInjector.caBundle" }}
-{{- end }}
-    caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.proxyInjector.caBundle)) (empty .Values.proxyInjector.caBundle) }}
-  failurePolicy: {{.Values.webhookFailurePolicy}}
-  rules:
-  - operations: [ "CREATE" ]
-    apiGroups: [""]
-    apiVersions: ["v1"]
-    resources: ["pods"]
-  {{- if not .Values.omitWebhookSideEffects }}
-  sideEffects: None
-  {{- end }}

assets/components/linkerd2/templates/proxy-injector-webhookconfig.yaml

@@ -0,0 +1,33 @@
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: linkerd-proxy-injector-webhook-config
+  labels:
+    {{.Values.global.controllerComponentLabel}}: proxy-injector
+    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
+webhooks:
+- name: linkerd-proxy-injector.linkerd.io
+  namespaceSelector:
+    matchExpressions:
+    - key: config.linkerd.io/admission-webhooks
+      operator: NotIn
+      values:
+      - disabled
+  clientConfig:
+    service:
+      name: linkerd-proxy-injector
+      namespace: {{ .Values.global.namespace }}
+      path: "/"
+{{- if and (.Values.proxyInjector.externalSecret) (empty .Values.proxyInjector.caBundle) }}
+  {{- fail "If proxyInjector.externalSecret is true then you need to provide proxyInjector.caBundle" }}
+{{- end }}
+    caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.proxyInjector.caBundle)) (empty .Values.proxyInjector.caBundle) }}
+  failurePolicy: {{.Values.webhookFailurePolicy}}
+  rules:
+  - operations: [ "CREATE" ]
+    apiGroups: [""]
+    apiVersions: ["v1"]
+    resources: ["pods"]
+  {{- if not .Values.omitWebhookSideEffects }}
+  sideEffects: None
+  {{- end }}

assets/components/linkerd2/templates/smi-metrics-apiservice.yaml

@@ -0,0 +1,22 @@
+{{- if .Values.smiMetrics.enabled }}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+  name: v1alpha1.metrics.smi-spec.io
+  labels:
+    {{.Values.global.controllerComponentLabel}}: smi-metrics
+    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
+spec:
+  group: metrics.smi-spec.io
+  version: v1alpha1
+  insecureSkipTLSVerify: false
+  groupPriorityMinimum: 100
+  versionPriority: 100
+  service:
+    name: linkerd-smi-metrics
+    namespace: {{.Values.global.namespace}}
+{{- if and (.Values.smiMetrics.externalSecret) (empty .Values.smiMetrics.caBundle) }}
+  {{- fail "If smiMetrics.externalSecret is true then you need to provide smiMetrics.caBundle" }}
+{{- end }}
+  caBundle: {{ ternary (b64enc $cert.Cert) (b64enc (trim .Values.smiMetrics.caBundle)) (empty .Values.smiMetrics.caBundle) }}
+{{- end }}

assets/components/linkerd2/templates/smi-metrics-rbac.yaml

@@ -49,24 +49,4 @@ data:
   tls.key: {{ ternary (b64enc $cert.Key) (b64enc (trim .Values.smiMetrics.keyPEM)) (empty .Values.smiMetrics.keyPEM) }}
 ---
 {{- end }}
-apiVersion: apiregistration.k8s.io/v1
-kind: APIService
-metadata:
-  name: v1alpha1.metrics.smi-spec.io
-  labels:
-    {{.Values.global.controllerComponentLabel}}: smi-metrics
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-spec:
-  group: metrics.smi-spec.io
-  version: v1alpha1
-  insecureSkipTLSVerify: false
-  groupPriorityMinimum: 100
-  versionPriority: 100
-  service:
-    name: linkerd-smi-metrics
-    namespace: {{.Values.global.namespace}}
-{{- if and (.Values.smiMetrics.externalSecret) (empty .Values.smiMetrics.caBundle) }}
-  {{- fail "If smiMetrics.externalSecret is true then you need to provide smiMetrics.caBundle" }}
-{{- end }}
-  caBundle: {{ ternary (b64enc $cert.Cert) (b64enc (trim .Values.smiMetrics.caBundle)) (empty .Values.smiMetrics.caBundle) }}
 {{- end }}

assets/components/linkerd2/templates/sp-validator-rbac.yaml

@@ -59,36 +59,3 @@ data:
   key.pem: {{ ternary (b64enc $ca.Key) (b64enc (trim .Values.profileValidator.keyPEM)) (empty .Values.profileValidator.keyPEM) }}
 ---
 {{- end }}
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: linkerd-sp-validator-webhook-config
-  labels:
-    {{.Values.global.controllerComponentLabel}}: sp-validator
-    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
-webhooks:
-- name: linkerd-sp-validator.linkerd.io
-  namespaceSelector:
-    matchExpressions:
-    - key: config.linkerd.io/admission-webhooks
-      operator: NotIn
-      values:
-      - disabled
-  clientConfig:
-    service:
-      name: linkerd-sp-validator
-      namespace: {{ .Values.global.namespace }}
-      path: "/"
-{{- if and (.Values.profileValidator.externalSecret) (empty .Values.profileValidator.caBundle) }}
-  {{- fail "If profileValidator.externalSecret is true then you need to provide profileValidator.caBundle" }}
-{{- end }}
-    caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.profileValidator.caBundle)) (empty .Values.profileValidator.caBundle) }}
-  failurePolicy: {{.Values.webhookFailurePolicy}}
-  rules:
-  - operations: [ "CREATE" , "UPDATE" ]
-    apiGroups: ["linkerd.io"]
-    apiVersions: ["v1alpha1", "v1alpha2"]
-    resources: ["serviceprofiles"]
-  {{- if not .Values.omitWebhookSideEffects }}
-  sideEffects: None
-  {{- end }}

assets/components/linkerd2/templates/sp-validator-webhookconfig.yaml

@@ -0,0 +1,33 @@
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: linkerd-sp-validator-webhook-config
+  labels:
+    {{.Values.global.controllerComponentLabel}}: sp-validator
+    {{.Values.global.controllerNamespaceLabel}}: {{.Values.global.namespace}}
+webhooks:
+- name: linkerd-sp-validator.linkerd.io
+  namespaceSelector:
+    matchExpressions:
+    - key: config.linkerd.io/admission-webhooks
+      operator: NotIn
+      values:
+      - disabled
+  clientConfig:
+    service:
+      name: linkerd-sp-validator
+      namespace: {{ .Values.global.namespace }}
+      path: "/"
+{{- if and (.Values.profileValidator.externalSecret) (empty .Values.profileValidator.caBundle) }}
+  {{- fail "If profileValidator.externalSecret is true then you need to provide profileValidator.caBundle" }}
+{{- end }}
+    caBundle: {{ ternary (b64enc $ca.Cert) (b64enc (trim .Values.profileValidator.caBundle)) (empty .Values.profileValidator.caBundle) }}
+  failurePolicy: {{.Values.webhookFailurePolicy}}
+  rules:
+  - operations: [ "CREATE" , "UPDATE" ]
+    apiGroups: ["linkerd.io"]
+    apiVersions: ["v1alpha1", "v1alpha2"]
+    resources: ["serviceprofiles"]
+  {{- if not .Values.omitWebhookSideEffects }}
+  sideEffects: None
+  {{- end }}