added admission options to helm (#1396)

* added admission options to helm * typo * added the helm values to pkg/config * changed type
loft-sh · Dec 6, 2023 · cef84da · cef84da
1 parent 6d07a75
commit cef84da
Show file tree

Hide file tree

Showing 9 changed files with 71 additions and 0 deletions.
diff --git a/charts/eks/templates/syncer-deployment.yaml b/charts/eks/templates/syncer-deployment.yaml
@@ -173,6 +173,16 @@ spec:
           {{- if .Values.coredns.integrated }}
           - --integrated-coredns=true
           {{- end }}
+          {{- if .Values.admission.validatingWebhooks }}
+          {{- range .Values.admission.validatingWebhooks }}
+          - --enforce-validating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.admission.mutatingWebhooks }}
+          {{- range .Values.admission.mutatingWebhooks }}
+          - --enforce-mutating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
           {{- if and .Values.coredns.integrated .Values.coredns.plugin.enabled }}
           - --use-coredns-plugin=true
           {{- end }}

diff --git a/charts/eks/values.yaml b/charts/eks/values.yaml
@@ -502,6 +502,12 @@ isolation:
 multiNamespaceMode:
   enabled: false
 
+# list of {validating/mutating}webhooks that the syncer should proxy.
+# This is a PRO only feature.
+admission:
+  validatingWebhooks: []
+  mutatingWebhooks: []
+
 telemetry:
   disabled: false
   instanceCreator: "helm"

diff --git a/charts/k0s/templates/statefulset.yaml b/charts/k0s/templates/statefulset.yaml
@@ -209,6 +209,16 @@ spec:
           {{- if and .Values.coredns.integrated .Values.coredns.plugin.enabled }}
           - --use-coredns-plugin=true
           {{- end }}
+          {{- if .Values.admission.validatingWebhooks }}
+          {{- range .Values.admission.validatingWebhooks }}
+          - --enforce-validating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.admission.mutatingWebhooks }}
+          {{- range .Values.admission.mutatingWebhooks }}
+          - --enforce-mutating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
           {{- range $f := .Values.syncer.extraArgs }}
           - {{ $f | quote }}
           {{- end }}

diff --git a/charts/k0s/values.yaml b/charts/k0s/values.yaml
@@ -488,6 +488,12 @@ init:
 multiNamespaceMode:
   enabled: false
 
+# list of {validating/mutating}webhooks that the syncer should proxy.
+# This is a PRO only feature.
+admission:
+  validatingWebhooks: []
+  mutatingWebhooks: []
+
 telemetry:
   disabled: false
   instanceCreator: "helm"

diff --git a/charts/k3s/templates/statefulset.yaml b/charts/k3s/templates/statefulset.yaml
@@ -264,6 +264,16 @@ spec:
           - --sync-k8s-service=true
           {{- end }}
           {{- end }}
+          {{- if .Values.admission.validatingWebhooks }}
+          {{- range .Values.admission.validatingWebhooks }}
+          - --enforce-validating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.admission.mutatingWebhooks }}
+          {{- range .Values.admission.mutatingWebhooks }}
+          - --enforce-mutating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
           {{- range $f := .Values.syncer.extraArgs }}
           - {{ $f | quote }}
           {{- end }}

diff --git a/charts/k3s/values.yaml b/charts/k3s/values.yaml
@@ -197,6 +197,12 @@ embeddedEtcd:
   # If embedded etcd should be enabled, this is a PRO only feature
   enabled: false
 
+# list of {validating/mutating}webhooks that the syncer should proxy.
+# This is a PRO only feature.
+admission:
+  validatingWebhooks: []
+  mutatingWebhooks: []
+
 # Storage settings for the vcluster
 storage:
   # If this is disabled, vcluster will use an emptyDir instead

diff --git a/charts/k8s/templates/syncer-deployment.yaml b/charts/k8s/templates/syncer-deployment.yaml
@@ -209,6 +209,16 @@ spec:
           {{- if and .Values.coredns.integrated .Values.coredns.plugin.enabled }}
           - --use-coredns-plugin=true
           {{- end }}
+          {{- if .Values.admission.validatingWebhooks }}
+          {{- range .Values.admission.validatingWebhooks }}
+          - --enforce-validating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.admission.mutatingWebhooks }}
+          {{- range .Values.admission.mutatingWebhooks }}
+          - --enforce-mutating-hook={{ . | b64enc }}
+          {{- end }}
+          {{- end }}
           {{- range $f := .Values.syncer.extraArgs }}
           - {{ $f | quote }}
           {{- end }}

diff --git a/charts/k8s/values.yaml b/charts/k8s/values.yaml
@@ -533,6 +533,13 @@ init:
 multiNamespaceMode:
   enabled: false
 
+
+# list of {validating/mutating}webhooks that the syncer should proxy.
+# This is a PRO only feature.
+admission:
+  validatingWebhooks: []
+  mutatingWebhooks: []
+
 telemetry:
   disabled: false
   instanceCreator: "helm"

diff --git a/pkg/config/helmvalues/k3s.go b/pkg/config/helmvalues/k3s.go
@@ -89,6 +89,7 @@ type BaseHelm struct {
 	Telemetry          TelemetryValues  `json:"telemetry,omitempty"`
 	NoopSyncer         NoopSyncerValues `json:"noopSyncer,omitempty"`
 	Monitoring         MonitoringValues `json:"monitoring,omitempty"`
+	Admission          AdmissionValues  `json:"admission,omitempty"`
 }
 
 type SyncerValues struct {
@@ -379,3 +380,8 @@ type NoopSyncerValues struct {
 		KubeConfig          string `json:"kubeConfig,omitempty"`
 	}
 }
+
+type AdmissionValues struct {
+	ValidatingWebhooks []string `json:"validatingWebhooks,omitempty"`
+	MutatingWebhooks   []string `json:"mutatingWebhooks,omitempty"`
+}