fix runtime webhook configuration

pluralsh · Dec 30, 2023 · 078d374 · 078d374
1 parent 37ceb2e
commit 078d374
Show file tree

Hide file tree

Showing 11 changed files with 67 additions and 22 deletions.
diff --git a/charts/runtime/Chart.yaml b/charts/runtime/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: runtime
 description: Sets up the basic dependencies needed to get a network stack running
 type: application
-version: 0.1.6
+version: 0.1.7
 appVersion: "0.1.0"
 dependencies:
 - name: external-dns

diff --git a/charts/runtime/templates/operator-cm.yaml b/charts/runtime/templates/operator-cm.yaml
@@ -2,13 +2,17 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: plural-operator-selfsigned-issuer
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: plural-operator-serving-cert
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
 spec:
   dnsNames:
   - plural-operator-webhook-service.{{ .Release.Namespace }}.svc

diff --git a/charts/runtime/templates/webhook.yaml b/charts/runtime/templates/webhook.yaml
@@ -0,0 +1,34 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/plural-operator-serving-cert
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: plural-operator-webhook-service
+      namespace: {{ .Release.Namespace }}
+      path: /mutate-security-plural-sh-v1alpha1-oauthinjector
+  failurePolicy: Fail
+  name: moauthinjector.security.plural.sh
+  objectSelector:
+    matchExpressions:
+    - key: security.plural.sh/inject-oauth-sidecar
+      operator: In
+      values:
+      - "true"
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pods
+  sideEffects: None
diff --git a/templates/setup/console.tf b/templates/setup/console.tf
@@ -11,17 +11,17 @@ data "local_sensitive_file" "console" {
   depends_on = [ null_resource.console ]
 }
 
-resource "helm_release" "console" {
-  name             = "console"
-  namespace        = "plrl-console"
-  chart            = "console"
-  repository       = "https://pluralsh.github.io/console"
-  version          = "0.1.15"
-  create_namespace = true
-  timeout          = 300
-  values           = [
-    data.local_sensitive_file.console
-  ]
+# resource "helm_release" "console" {
+#   name             = "console"
+#   namespace        = "plrl-console"
+#   chart            = "console"
+#   repository       = "https://pluralsh.github.io/console"
+#   version          = "0.1.15"
+#   create_namespace = true
+#   timeout          = 300
+#   values           = [
+#     data.local_sensitive_file.console
+#   ]
 
-  depends_on = [ module.mgmt.cluster ]
-}
+#   depends_on = [ module.mgmt.cluster, module.mgmt.runtime_ready ]
+# }
diff --git a/terraform/clouds/aws/runtime.tf b/terraform/clouds/aws/runtime.tf
@@ -33,7 +33,7 @@ resource "helm_release" "runtime" {
   namespace        = "plural-runtime"
   chart            = "runtime"
   repository       = "https://pluralsh.github.io/bootstrap"
-  version          = "0.1.5"
+  version          = var.runtime_vsn
   create_namespace = true
   timeout          = 300
   values           = [

diff --git a/terraform/clouds/aws/variables.tf b/terraform/clouds/aws/variables.tf
@@ -53,6 +53,10 @@ variable "runtime_values_file" {
   default = "../../helm-values/runtime.yaml"
 }
 
+variable "runtime_vsn" {
+  default = "0.1.7"
+}
+
 variable "db_instance_class" {
     default = "db.t4g.large"
 }
diff --git a/terraform/clouds/azure/runtime.tf b/terraform/clouds/azure/runtime.tf
@@ -3,7 +3,7 @@ resource "helm_release" "runtime" {
   namespace        = "plural-runtime"
   chart            = "runtime"
   repository       = "https://pluralsh.github.io/bootstrap"
-  version          = "0.1.5"
+  version          = var.runtime_vsn
   create_namespace = true
   timeout          = 300
   values           = [

diff --git a/terraform/clouds/azure/variables.tf b/terraform/clouds/azure/variables.tf
@@ -60,4 +60,8 @@ variable "install_runtime" {
 variable "runtime_values_file" {
   type = string
   default = "../../helm-values/runtime.yaml"
-}
+}
+
+variable "runtime_vsn" {
+  default = "0.1.7"
+}
diff --git a/terraform/clouds/gcp/runtime.tf b/terraform/clouds/gcp/runtime.tf
@@ -4,7 +4,7 @@ resource "helm_release" "runtime" {
   namespace        = "plural-runtime"
   chart            = "runtime"
   repository       = "https://pluralsh.github.io/bootstrap"
-  version          = "0.1.5"
+  version          = var.runtime_vsn
   create_namespace = true
   timeout          = 300
   values           = [

diff --git a/terraform/clouds/gcp/variables.tf b/terraform/clouds/gcp/variables.tf
@@ -82,7 +82,6 @@ variable "runtime_values_file" {
   default = "../../helm-values/runtime.yaml"
 }
 
-variable "console_values_file" {
-  type = string
-  default = "../../helm-values/console.yaml"
+variable "runtime_vsn" {
+  default = "0.1.7"
 }
diff --git a/test/main.tf b/test/main.tf
@@ -33,5 +33,5 @@ resource "helm_release" "console" {
     data.local_sensitive_file.console.content
   ]
 
-  depends_on = [ module.gcp.cluster ]
+  depends_on = [ module.gcp.cluster, module.gcp.runtime_ready ]
 }