Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[feat.] Merge Webhook and Server Helm Chart #817

Merged
merged 10 commits into from
May 27, 2021
Merged

[feat.] Merge Webhook and Server Helm Chart #817

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
fa0accc
Merge Webhook and Server Helm Chart
rahulchheda May 26, 2021
dca9027
Dont create LoadBalancer service
rahulchheda May 26, 2021
f5fa815
Allow fail policy
rahulchheda May 26, 2021
014d696
Allow webhook failurePolicy to be Fail
rahulchheda May 26, 2021
02c3648
minor changes and shifting helm charts to deploy/helm/
devang-gaur May 27, 2021
576db26
addition to the helm chart maintainer list
devang-gaur May 27, 2021
a299c02
parameterized deployment replicas
devang-gaur May 27, 2021
553b222
Merge pull request #1 from dev-gaur/review_817
rahulchheda May 27, 2021
550ada2
Fix name in maintainers
rahulchheda May 27, 2021
0e56753
Add comment in helm template for reference
rahulchheda May 27, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 2 additions & 5 deletions deploy/helm-charts/server/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,8 @@
{{- $globconfig := .Files.Glob "data/config.toml" }}
{{- if $globconfig }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.config_name }}
namespace: {{ .Release.Namespace }}
data:
terrascan-config: |-
{{ .Files.Get "data/config.toml" | b64enc }}
{{- end }}
terrascan-config: |
{{ .Files.Get "data/config.toml" | indent 4 }}
62 changes: 61 additions & 1 deletion ...m-charts/server/templates/deployment.yaml → ...-charts/server/templates/deployments.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ spec:
{{- if $globconfig }}
- name: config-volume
configMap:
configMapName: {{ .Values.config_name }}
name: {{ .Values.config_name }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }}
- name: terrascan-data-sync
Expand All @@ -87,3 +87,63 @@ spec:
- name: terrascan-data-sync
emptyDir: {}
{{- end }}
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ .Values.name }}
webhooks:
- name: {{ .Values.webhook.name }}
admissionReviewVersions:
{{- range .Values.webhook.admissionReviewVersions }}
- {{ . | printf "%s" }}
{{ end }}
failurePolicy: {{ .Values.webhook.failurePolicy }}
sideEffects: {{ .Values.webhook.sideEffects }}
clientConfig:
service:
name: {{ .Values.name }}
namespace: {{ .Release.Namespace }}
path: {{ .Values.terrascan_webhook_key | printf "/v1/k8s/webhooks/%s/scan/validate" }}
caBundle: {{ .Files.Get "data/server.crt" | b64enc }}
rules:
- apiGroups:
{{- range .Values.webhook.apiGroups }}
{{- if eq . ""}}
- ""
{{- else if eq . "*" }}
- "*"
{{- else }}
- {{ . -}}
{{- end }}
{{- end }}
resources:
{{- range .Values.webhook.resources }}
{{- if eq . ""}}
- ""
{{- else if eq . "*" }}
- "*"
{{- else }}
- {{ . -}}
{{- end }}
{{- end }}
apiVersions:
{{- range .Values.webhook.apiVersions }}
{{- if eq . ""}}
- ""
{{- else if eq . "*" }}
- "*"
{{- else }}
- {{ . -}}
{{- end }}
{{- end }}
operations:
{{- range .Values.webhook.operations }}
{{- if eq . ""}}
- ""
{{- else if eq . "*" }}
- "*"
{{- else }}
- {{ . -}}
{{- end }}
{{- end }}
1 change: 0 additions & 1 deletion deploy/helm-charts/server/templates/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ metadata:
name: {{ .Values.name }}
namespace: {{ .Release.Namespace }}
spec:
type: LoadBalancer
Copy link
Contributor Author

@rahulchheda rahulchheda May 26, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to create LoadBalancer service, until we are using this service from outside of this cluster. It's the user choice to change it afterwards to enhance its usecases.
cc: @jlk @kanchwala-yusuf @dev-gaur

selector:
app: {{ .Values.name }}
ports:
Expand Down
19 changes: 19 additions & 0 deletions deploy/helm-charts/server/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,22 @@ name: terrascan
persistence:
enabled: false
existingclaim: terrascanPvc

webhook:
name: webhook.terrascan.io
failurePolicy: Ignore
Copy link
Contributor Author

@rahulchheda rahulchheda May 26, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had to change this to Ignore, because if service is un-available for webhook, it should not block all the specified resources in cluster.
Hope this is the desired behaviour.
cc: @dev-gaur @kanchwala-yusuf @jlk

sideEffects: None
admissionReviewVersions:
- "v1"
- "v1beta1"
apiGroups:
- "apps"
- ""
resources:
- "deployments"
- "pods"
apiVersions:
- "*"
operations:
- CREATE
- UPDATE
18 changes: 0 additions & 18 deletions deploy/helm-charts/webhook/Chart.yaml
View file
Open in desktop

This file was deleted.

59 changes: 0 additions & 59 deletions deploy/helm-charts/webhook/templates/validating-webhook.yaml
View file
Open in desktop

This file was deleted.

20 changes: 0 additions & 20 deletions deploy/helm-charts/webhook/values.yaml
View file
Open in desktop

This file was deleted.