marko/docker-development-youtube-series
1
0
Fork 0
mirror of https://github.com/marcel-dempers/docker-development-youtube-series.git synced 2025-06-06 17:01:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
docker-development-youtube-.../kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
marcel-dempers d271b80901 datree updates
2023-01-14 09:14:40 +11:00

719 lines
32 KiB
YAML
Raw Blame History

---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: cluster-scan-job-service-account
namespace: datree
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-label-namespaces-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-cleanup-namespaces-hook-pre-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: datree-wait-server-ready-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: datree-ca-tls
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
type: kubernetes.io/tls
data:
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNHZiVnZJUzc0N1B2eFQyMER4amQ5ZFBUSGhJcWlYbUdlc1BEd2EwdFVoUFJPZjFLCm0yZ0Z4YjVpNkl5TEE2Zi81R00wT0xZVGVNc1pQSUlycytSMGpyZ016b1lXdWRZSlQ2ayttZmFyaGtlUGJ1NTcKWGg5NHBOamttTVhkOHNROS8rVkpoTnRNRFN0MjlkaHlOZ2o1am1Ea3NUNHRFUXF3aHcvOXZSRVlYYlJOazR4LwovMm5TMkdjdnhXVkU3WFlzZ3pNOVRXS3VqR01tQ2h1dXY3WEZweEtBbllRbDNPUUV2YUVQNC9rdmUyWFJsZStPCmNYbW16eXhMa29VMXNPQlRMclhqMU04V3pIRTNiMGtPcFdHV2toVjc3b0RJRlAwS1RXY29kVTN5V2JxaU9TM2UKajJmSGJlaXpmRXZsUWdsOStTdUwvNjdjK2RLTHBSbTJva0JSS1FJREFRQUJBb0lCQURkdVhZa3JTZEEwOUF4UwpJNVhFVndGZytLRFJndjRNWmlHNWlpZlZLY3B2K0p1WEZ3K1plajl2WGl5NWxvSVFGOWtwdVdsWVhxMFR2VmdmCjJwaVc1VGl1RHNLcDBRY1dGVFFWZTZxU3FoV2ppSTVwUkV3YWw1WjdPbWx0ZWVWK3REMjVQQmxzamNoeG94NHIKL01qaHJFRnZ2S3JsS3BDTThjd3F4YWZWY3dQL1BUdzFwUkVxRnpTRkxjamplK2xCNWZUWFdxV2RqMFpkQzdjQwpyVTVQNXZMZEVSRUZnU1dLY3FMd0RRL3MyclNqTEEzREdSSzJQa0hDblJ6cm52ZmIxNWVxNHhCQ253eTQ4WlByCnAzekxZV29BSXlMendObHNTdW5ETU01T1VjRE9wYk84a3RFVHZKZVErUGkvSVBpMXNHUUQ4MEdyS1NuazBkZHQKbWpBNWtXRUNnWUVBL3kxSm5KWUl1anExOGFsZGY4d0R6SWN4RVRLNUxIcW5ZRjhJZ2NLcDQ3WXdGK0d1c2c5cApia2lIdnBqY3pvNVVmZUNvMUhoSGw3L2NRUTIza2E0MW1aRnByYzhna0dINlFTd0h3RERHeHBjZXJRY2hOeVdpCkJPL2dYdC9nRUlSTWN6cE1IVTMrSTVBQm9uamZJUFdLTDVXYXFUellHV1FrZUU1cEVlRXEvUjBDZ1lFQTQ3SkEKTGxDSnZ6dFN0cE5DNXkrZTJkQ2NubG1NR014SVMxQXcwdFNZSVR1ajM2bnBVSEJ1cDBMTmdZZ2RBaDhwc05lYwo2N2ZDVHlucHFsN0tNQS90MEF1K250UWErYllOYmNHT1Y5SWZyL0F3K2VrRnZ6d2J4bm5kd1BSNnhicndIRmNxCkVpaWxKS0V5UXZ1dW9uVkZmSDBGNEtmdUtua2xubk5VQXkrQ2duMENnWUJpRktBa3BhNTVGalAwelNwNUFvdTcKUTROaW51SjU3RE1GWWNHOVRudEtZUzZmSDBtc2V5d0ZEYS9QWEtZU1pyYW5JNEVCR2JJNjY2M1crMVRCay9wYQpLb0E2SkZEWjdpN29lZW9JdnpiSUFqSHlRN2xLbnhabFcyWWNVV1NvTkpIR0FIUmRGeXRGdEFaTTByVEEwRi9xCjVrL3FHTTdmQTVUWkFScDFtdHlSS1FLQmdRQ2QrKy9NTXRWZ2Vpakp4U09HaE9RUy9VdXVFelBCZ1B3b1JWdWEKN1NjZzUrQ3NMNWhTMTYvdkhjcTVOVmZyUVBRTVg0M2hmMzZ5cnNJU0UvTDFwaGU3WW1yQWlTcXVXRUs1QkxOZQorOHhBcHNkVW52bjkxaGJ2ZjE3OW9xUU16Y2dMNGU2dTZzU3F4YTI2RENiL1VaOEU0VHBTeGpIYUJuU3puQkdPCnBFaEpnUUtCZ1FEb1NVNDJQbnl4djlOM2JMYmc1SE1rTHp5cDVHdVhOVTdRZjN2dEw0TzB5M2gxcDN0N1c1QnEKM2tuTzI4SS8yR3hibTE5RllOdnlHMnpvaG5ReHFUR2dGTmx2aGMyKzMxaGRpMVZyZndGVENlbzNPbTRuWm04ZApBdEE0Z0x0aE55K3hDWHZieHZuT0x4WkU3UWh4aE1UdWkyYW4rY1I4L0xHdHNaNXc1R09jK2c9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-tls
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
annotations:
self-signed-cert: "true"
type: kubernetes.io/tls
data:
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBeXNsMEEra2R6dVkyTm1JaUliOGJLVEhYWUJrbDhsU0M2YU5pbUVFQkc0ZGdPbkluClhiSXlMU0tMRG9lcU9MdU9kcnVWcHNJTTRoeldPcGN3MVRQSi91MjBFVVVvUlB3QXFrUk1jV1RqNnlDU3VkRmEKa05IaE00U2Y4QTMzekJEbVVLWWZFcVpxMktFcWRVbkc0SGluTTNNVTRxYnM5b01FbVY0TG9KbGFDL2FkYlQvdAo4bCtDb0RPYytnWERQWDhXd3IvcEROS1JocVQ5Q1VzUFJHNWlZSGR4S0VuQmtiaG1ZTlVwcVhaVEtRWEkzNVdqCmd6R3M0TXBiVGZHVVBFS2ZIZjdPNEJRdmhtK3JsWGM5UnRPc2xESS8zVnJuRDVEVE5VZVRxRlFHT29IeDVGbUgKaU94MFRnN1l3cm1abkZrTUNLcjJqUkNnSjY1UklzWWFMRzQ1RXdJREFRQUJBb0lCQVFDekJGcWRwU3JDWHFxWApJZFNkMC9ablRHK2tqeTdYbWRHajdhOTVWMUZoK3dWeE14c2JkTmNrenl6UkcrU2locmlDaXFEWEFOR2N2dlpECjdQcVlERXNTK01jUXcrdUQwcS9IbjltWDlRZmJwdnJBZlZlbEp4TFdod3NtUVQ1eThLeFJvQVVvVXE5YUpCUzIKUy9YOGJhYTFIYS9mVXBzNEYzdDA1UGdBdzhBaGMvYXZVRE5id3p3RTZONmR1RmVFTkJ0MWNwNkI3a3Y1RzJrUgo3SGxMMEdKU0tEdlk0K0lwQTdvSDNVTW5nT3ZmR3g4d1kxKzZxTm1JV1lOZkRQdVRvWFl5Qmg3VEo3SC9sdFdECnZDOUdBZ29tWFNTdXE2UVFkZVVVN0hET0JVQ09wMUFWYVVmcWs1Tk04WVNDQ20vanVtazZRYVRSTUJ4TkY1MkgKVy9MMHQ0b0pBb0dCQVBDVDNLNDl1TXJFS2FQZG1pNm9rWDB5ajhWMzZXeDMzK0cwVnpMRDNjc3d5TzNoQmNCeApRZkNCMTVDazYrYUJnYWxZRkRYQlU2T01nWnBvaDJKK2FSSXdST1Ztb2ZUYXhHbWhZakdIeVpDd3lYYTJDb29kCkVzM0lQS1FTb0J1dS9leE1EZ1hsdk9XYmtLTHZWVVllcEs4V2QxWEQ5QnRYRCt6OUFlUFU4cUJIQW9HQkFOZkoKWjliQXNFdG4yeVI4T2pZVDVHU3FndHVBdGsyNFoyZStRZDdkSWxxQ240YWE5b1ZDQXpKNlYzQ2RqQ1lCeXNLZgpiK2ZpRmlrVG9lYjh1M1E0Nndydi84dGU4cWZPOGRWbm9UbXFvcFdXZHRiQm8xNi9hWE82dzFOQnpHYVp3NnBzCkJ1N1d6ZEFhYURpZGlHWGFlOHZCT2xxQWZ0UDg2cE5iUGo1ME56TFZBb0dCQU9HOGZGZHFSdGpMMDU2VXNyV1IKS21MbGJJNEhoQmxwS2NPbzZpRVNOQzBTYTViNWkrSVU0NkIrMVB3K0k3TzRWU2ZISTcrRTFhd2lqUUdMajIxVgoyOVZiUVdwWE1TU0ZtY0xiMFQxVWdrZW4rb0hQTW5pQjYwRDM0QjY3ODB2R21UQjk5TEtIN1FVdFFUd0JnbXczCkdLUEpXdFE0OS9ZbmJTUWNDd2Z5cW03RkFvR0JBTmMvSzFwM21TT090SFUvaWQxNW1FQ21LYVFGVDFSVmxxaFEKaTJwZzBTelIwWWsydUtPU2hwZnFtNkJWTjRDT0Z4QnVjL1V0ZkFkN2N1dHp2UlVnMWF4eVhJa2o3QTlpQ2E5agpFTnJ5RC80Qk9nZmMzamJiM3JlM1c3R0lGL2xjZG1aZ0hjWk85THdhSzA0V0xnSFRuOXRPb3dPMTIwMWdveWxjClFjbVFxYU1GQW9HQkFLQlhoVWorWE9zWXoyOVFxMU9DTWZvU1hEQlFYQWtLNnROYjk3Ym9VZ3BmYlNLSkl1bEgKT01CVWpkZ09DSzBZOGw0TTRaYWVGY25uL3RJMlhMQ1V2Q24yUEViOUovS05hWEhxL25xR1BiYnd3NWl4ZXdzZQpJQlBoYkJjM3NtMzBQOXJ4R2FWNGNYdUpDN08yaG1yQlFsZHdtOGRGMDdXbmRabHhzNnlMT2tqeAotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRV3BOb0FoT1FNTmw2M3owalF3RXVmakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlzbDBBK2tkenVZMk5tSWlJYjhiS1RIWFlCa2w4bFNDNmFOaQptRUVCRzRkZ09uSW5YYkl5TFNLTERvZXFPTHVPZHJ1VnBzSU00aHpXT3BjdzFUUEovdTIwRVVVb1JQd0Fxa1JNCmNXVGo2eUNTdWRGYWtOSGhNNFNmOEEzM3pCRG1VS1lmRXFacTJLRXFkVW5HNEhpbk0zTVU0cWJzOW9NRW1WNEwKb0psYUMvYWRiVC90OGwrQ29ET2MrZ1hEUFg4V3dyL3BETktSaHFUOUNVc1BSRzVpWUhkeEtFbkJrYmhtWU5VcApxWFpUS1FYSTM1V2pnekdzNE1wYlRmR1VQRUtmSGY3TzRCUXZobStybFhjOVJ0T3NsREkvM1ZybkQ1RFROVWVUCnFGUUdPb0h4NUZtSGlPeDBUZzdZd3JtWm5Ga01DS3IyalJDZ0o2NVJJc1lhTEc0NUV3SURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUVJTcUhJZVY3eTlwaUN0NFhhek1iNUgwQjR6REFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFoQ25WWjF5aktXOGhoc2x1ZmRZdzZ0b3ZXSjdrRFhHUVNrL3cxbjhGUFZKQQpHZm90NzZGSzZHckQ5YlV1MWlXUWQzUTFVUE1Bb1A5ajRFYUxBeWdZUG1SVDZHOFJvRzM3bWVlaVU2Mmo2THQyCmVZUWdKT0xNMWlzMGdLdXJvSzBBMjN6RzZHMldIeHphODBpVVN1Ky9OM1U2NHZKVDQ4NHNpOW1uNjc0OUNkNFAKYUVmWXZCY0dHZmwzNW9WazJkMzhZeThPd1gyd2ovTXRmakc0eDdweElJMUQ4TVV5TWY5M2liOFpKSS9RVUx5MQpYRVFIeFZ5bzJBTTEyYWNRQjBkZnlac24rRzBpZXVTYTQ2czdRSFVjSnRsOG5ieGJLMEhET25DVWxBeUl4RjFLClRzNDBKMXJiMFJFUlJMYlkvczMvOU1hYlNrWHhtSURLb2FybkFZVHZNUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cluster-scan-job-role
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "get"
- "list"
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-webhook-server-read
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- "nodes"
- "namespaces"
verbs:
- "get"
- "list"
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-namespaces-update
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- update
- patch
resourceNames:
- kube-system
- datree
---
# Source: datree-admission-webhook/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: datree-validationwebhook-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- "admissionregistration.k8s.io"
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
resourceNames:
- datree-webhook
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-scan-job-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-scan-job-role
subjects:
- kind: ServiceAccount
name: cluster-scan-job-service-account
namespace: datree
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-webhook-server-read
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-webhook-server-read # datree-webhook-server-read
subjects:
- kind: ServiceAccount
name: datree-webhook-server # datree-webhook-server
namespace: datree
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-namespaces-update
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-namespaces-update
subjects:
- kind: ServiceAccount
name: "datree-label-namespaces-hook-post-install"
namespace: "datree"
- kind: ServiceAccount
name: "datree-cleanup-namespaces-hook-pre-delete"
namespace: "datree"
---
# Source: datree-admission-webhook/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: datree-validationwebhook-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: datree-validationwebhook-delete
subjects:
- kind: ServiceAccount
name: "datree-cleanup-namespaces-hook-pre-delete"
namespace: "datree"
---
# Source: datree-admission-webhook/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: datree-pods-reader
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
rules:
- apiGroups:
- ""
resources:
- "pods"
- "jobs"
verbs:
- "get"
- "list"
- "watch"
---
# Source: datree-admission-webhook/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: datree-pods-reader
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: datree-pods-reader
subjects:
- kind: ServiceAccount
name: datree-wait-server-ready-hook-post-install
namespace: "datree"
---
# Source: datree-admission-webhook/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
selector:
app: "datree-webhook-server"
ports:
- port: 443
targetPort: webhook-api
---
# Source: datree-admission-webhook/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: datree-webhook-server
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
owner: datree
app: "datree-webhook-server"
spec:
replicas: 2
selector:
matchLabels:
app: "datree-webhook-server"
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
app: "datree-webhook-server"
spec:
serviceAccountName: datree-webhook-server
containers:
- name: server
# caution: don't change the order of the environment variables
# changing the order will harm resource patching
env:
- name: DATREE_TOKEN
value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
- name: DATREE_POLICY
value: Starter
- name: DATREE_VERBOSE
value: ""
- name: DATREE_OUTPUT
value: ""
- name: DATREE_NO_RECORD
value: ""
- name: DATREE_ENFORCE
value: "true"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
livenessProbe:
httpGet:
path: /health
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8443
scheme: HTTPS
initialDelaySeconds: 5
periodSeconds: 10
resources:
{}
image: "datree/admission-webhook:0.1.41"
imagePullPolicy: Always
ports:
- containerPort: 8443
name: webhook-api
volumeMounts:
- name: webhook-tls-certs
mountPath: /run/secrets/tls
readOnly: true
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-tls-certs
secret:
secretName: webhook-server-tls
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: scan-job
namespace: datree
spec:
backoffLimit: 4
template:
spec:
serviceAccountName: cluster-scan-job-service-account
restartPolicy: Never
containers:
- name: scan-job
env:
- name: DATREE_TOKEN
value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
- name: DATREE_POLICY
value: Starter
- name: CLUSTER_NAME
value: kind-datree
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
seccompProfile:
type: RuntimeDefault
image: "datree/scan-job:0.0.13"
imagePullPolicy: Always
resources:
{}
volumeMounts:
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: scan-cronjob
namespace: datree
spec:
# get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
# if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
schedule: "57 * * * *" # every hour, starting 55 minutes after helm installation
jobTemplate:
spec:
backoffLimit: 4
template:
spec:
serviceAccountName: cluster-scan-job-service-account
restartPolicy: Never
containers:
- name: scan-job
env:
- name: DATREE_TOKEN
value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
- name: DATREE_POLICY
value: Starter
- name: CLUSTER_NAME
value: kind-datree
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 25000
seccompProfile:
type: RuntimeDefault
image: "datree/scan-job:0.0.13"
imagePullPolicy: Always
resources:
{}
volumeMounts:
- name: webhook-config
mountPath: /config
readOnly: true
volumes:
- name: webhook-config
configMap:
name: webhook-scanning-filters
optional: true
---
# Source: datree-admission-webhook/templates/namespace-post-delete.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-cleanup-namespaces-hook-pre-delete
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
namespace: datree
annotations:
"helm.sh/hook": pre-delete, pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
restartPolicy: OnFailure
serviceAccount: datree-cleanup-namespaces-hook-pre-delete
nodeSelector:
kubernetes.io/os: linux
containers:
- name: kubectl-label
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
command:
- sh
- "-c"
- >-
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
kubectl label ns kube-system datree datree.io/skip-;
---
# Source: datree-admission-webhook/templates/namespace-post-install.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-label-namespaces-hook-post-install
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
serviceAccount: datree-label-namespaces-hook-post-install
restartPolicy: OnFailure
nodeSelector:
kubernetes.io/os: linux
containers:
- name: kubectl-label
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
args:
- label
- ns
- kube-system
- datree
- admission.datree/validate=skip
- --overwrite
---
# Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: datree-wait-server-ready-hook-post-install
namespace: datree
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded, hook-failed
spec:
template:
metadata:
name: datree-wait-server-ready-hook-post-install
labels:
app.kubernetes.io/name: datree-admission-webhook
app.kubernetes.io/managed-by: "Helm"
app.kubernetes.io/instance: "datree-webhook"
app.kubernetes.io/version: 0.1.41
app.kubernetes.io/part-of: "datree"
meta.helm.sh/release-name: "datree-admission-webhook"
meta.helm.sh/release-namespace: "datree"
helm.sh/chart: datree-admission-webhook-0.3.22
spec:
serviceAccountName: datree-wait-server-ready-hook-post-install
restartPolicy: Never
containers:
- name: kubectl-client
image: "clastix/kubectl:v1.25"
imagePullPolicy: IfNotPresent
command:
- sh
- "-c"
- >-
kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
---
# Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: datree-webhook
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-weight": "-5"
webhooks:
- name: webhook-server.datree.svc
sideEffects: None
timeoutSeconds: 30
failurePolicy: Ignore
admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: datree-webhook-server
namespace: datree
path: "/validate"
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lRQTZSWVVlb1BUQzRuc2dOQ3JWQXZBekFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4TXpBeE1ESXdNbG9YRFRJNE1ERXhOREF4TURJd01sb3dNekV4TUM4R0ExVUVBeE1vCkwwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdGJ5QkRRVENDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBT0wyMWJ5RXUrT3o3OFU5dEE4WTNmWFQweDRTS29sNQpobnJEdzhHdExWSVQwVG45U3B0b0JjVytZdWlNaXdPbi8rUmpORGkyRTNqTEdUeUNLN1BrZEk2NERNNkdGcm5XCkNVK3BQcG4ycTRaSGoyN3VlMTRmZUtUWTVKakYzZkxFUGYvbFNZVGJUQTByZHZYWWNqWUkrWTVnNUxFK0xSRUsKc0ljUC9iMFJHRjIwVFpPTWYvOXAwdGhuTDhWbFJPMTJMSU16UFUxaXJveGpKZ29icnIrMXhhY1NnSjJFSmR6awpCTDJoRCtQNUwzdGwwWlh2am5GNXBzOHNTNUtGTmJEZ1V5NjE0OVRQRnN4eE4yOUpEcVZobHBJVmUrNkF5QlQ5CkNrMW5LSFZOOGxtNm9qa3QzbzlueDIzb3MzeEw1VUlKZmZrcmkvK3UzUG5TaTZVWnRxSkFVU2tDQXdFQUFhTmgKTUY4d0RnWURWUjBQQVFIL0JBUURBZ0trTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjRApBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlFSU3FISWVWN3k5cGlDdDRYYXpNYjVIMEI0CnpEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFvblpOQ0NlU1lkSmZuTHhXWGM4T1pkcDJudWFxVUFEU2M0M0gKSFhsSzk5c3hlUWRZUEVyaGxLTHhyNmNaT0lXZTRjSVNVdnEzL3B1bktieCsva3FiQU5TRWhaQ1hkMjhIbWtoMgpIc0hXRjFlWkZDR0FEMDZ6TlJzUHNhTllIUHlyN3lGbmlTc0hOME81YUxWT2FDaVYzZHJCRmRReG5LemVrbnlkClVmaURNUExyazNveENCYnBpMlIyS3hQckU4T1hTcWtoem9RbzdtQys5M1dHdXJHckNyWnoyRUEyL0ZSdll6Uk8KVU43Q0haU1c1UGFRWGtIQlozTzFRTTZKdmhjdTNEM3VnZVhFN2d1NW5qYWVWL1hyWW04M09kUDBTY3AwSytsTwpOT1JNUmlGakJmcHliQ2NVR205THNEamF4UExEY2RHVnIrNWF6SVBNckx2VlhLdS9jZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
namespaceSelector:
matchExpressions:
- key: admission.datree/validate
operator: DoesNotExist
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["*"]
apiVersions: ["*"]
resources: ["*"]
Reference in New Issue View Git Blame Copy Permalink