uc-cdis · emalinowski · Oct 21, 2024 · Jun 24, 2024 · Jun 24, 2024 · Jun 24, 2024
diff --git a/files/squid_whitelist/web_wildcard_whitelist b/files/squid_whitelist/web_wildcard_whitelist
@@ -59,6 +59,7 @@
 .immport.org
 .jenkins.io
 .jenkins-ci.org
+.jetstack.io
 .k8s.io
 .kegg.jp
 .kidsfirstdrc.org

diff --git a/kube/services/node-affinity-daemonset/README.md b/kube/services/node-affinity-daemonset/README.md
@@ -0,0 +1,3 @@
+# Prerequisites
+
+This service needs certmanager to work. Please install certmanager before deploying this service. Once certmanager is installed, you can deploy this service by applying the manifests in this directory.
diff --git a/kube/services/node-affinity-daemonset/deployment.yaml b/kube/services/node-affinity-daemonset/deployment.yaml
@@ -0,0 +1,28 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: node-affinity-daemonset
+  namespace: kube-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: node-affinity-daemonset
+  template:
+    metadata:
+      labels:
+        app: node-affinity-daemonset
+    spec:
+      containers:
+        - name: node-affinity-daemonset
+          image: quay.io/cdis/node-affinity-daemonset:master
+          ports:
+            - containerPort: 8443
+          volumeMounts:
+            - name: webhook-certs
+              mountPath: /etc/webhook/certs
+              readOnly: true
+      volumes:
+        - name: webhook-certs
+          secret:
+            secretName: webhook-certs #pragma: allowlist secret
diff --git a/kube/services/node-affinity-daemonset/service.yaml b/kube/services/node-affinity-daemonset/service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: node-affinity-daemonset
+  namespace: kube-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 8443
+  selector:
+    app: node-affinity-daemonset
diff --git a/kube/services/node-affinity-daemonset/webhook.yaml b/kube/services/node-affinity-daemonset/webhook.yaml
@@ -0,0 +1,43 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: node-affinity-daemonset
+  cert-manager.io/inject-ca-from: kube-system/node-affinity-daemonset-cert
+webhooks:
+  - name: node-affinity-daemonset.k8s.io
+    clientConfig:
+      service:
+        name: node-affinity-daemonset
+        namespace: kube-system
+        path: "/mutate"
+    rules:
+      - operations: ["CREATE"]
+        apiGroups: ["apps"]
+        apiVersions: ["v1"]
+        resources: ["daemonsets"]
+    admissionReviewVersions: ["v1"]
+    sideEffects: None
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: node-affinity-daemonset-cert
+  namespace: kube-system
+spec:
+  secretName: webhook-certs #pragma: allowlist secret
+  dnsNames:
+  - node-affinity-daemonset.kube-system.svc
+  issuerRef:
+    name: selfsigned
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: selfsigned
+  namespace: kube-system
+spec:
+  selfSigned: {}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Prerequisites

		This service needs certmanager to work. Please install certmanager before deploying this service. Once certmanager is installed, you can deploy this service by applying the manifests in this directory.