diff --git a/README.md b/README.md index 7744265..f48a66f 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ the container image. You can use digester to deploy container images by digest. Alternatively, you can download the latest version using these commands: ```sh - VERSION=v0.1.11 + VERSION=v0.1.12 curl -Lo digester "https://github.com/google/k8s-digester/releases/download/${VERSION}/digester_$(uname -s)_$(uname -m)" chmod +x digester ``` @@ -106,7 +106,7 @@ The digester webhook requires Kubernetes v1.16 or later. 2. Install the digester webhook in your Kubernetes cluster: ```sh - VERSION=v0.1.11 + VERSION=v0.1.12 kubectl apply -k "https://github.com/google/k8s-digester.git/manifests/?ref=${VERSION}" ``` diff --git a/docs/authentication.md b/docs/authentication.md index 8313aa0..1f2a5e5 100644 --- a/docs/authentication.md +++ b/docs/authentication.md @@ -109,7 +109,7 @@ and you do not need a credential helper, you can run digester in a container. Mount your Docker config file in the container using the `--mount` flag: ```sh -VERSION=v0.1.11 +VERSION=v0.1.12 kpt fn eval [manifest directory] \ --as-current-user \ --env DOCKER_CONFIG=/.docker \ @@ -135,7 +135,7 @@ OFFLINE=false kpt fn eval [manifest directory] --exec ./digester If you want to run the KRM function in a container, mount your kubeconfig file: ```sh -VERSION=v0.1.11 +VERSION=v0.1.12 kpt fn eval [manifest directory] \ --as-current-user \ --env KUBECONFIG=/.kube/config \ diff --git a/manifests/README.md b/manifests/README.md index feffeb4..54f6dee 100644 --- a/manifests/README.md +++ b/manifests/README.md @@ -34,7 +34,7 @@ If you use a private GKE cluster, see additional steps for 2. Apply this package: ```sh - VERSION=v0.1.11 + VERSION=v0.1.12 kustomize build "https://github.com/google/k8s-digester.git/manifests?ref=$VERSION" | kubectl apply -f - ``` 
@@ -52,7 +52,7 @@ If you use a private GKE cluster, see additional steps for 3. Fetch this package: ```sh - VERSION=v0.1.11 + VERSION=v0.1.12 kpt pkg get "https://github.com/google/k8s-digester.git/manifests@${VERSION}" manifests ``` diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml index 9d5d026..8957277 100644 --- a/manifests/deployment.yaml +++ b/manifests/deployment.yaml @@ -1,28 +1,14 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: apps/v1 kind: Deployment metadata: - name: digester-controller-manager - namespace: digester-system labels: control-plane: controller-manager digester/operation: webhook digester/system: "yes" + name: digester-controller-manager + namespace: digester-system spec: - replicas: 3 # kpt-set: ${replicas} + replicas: 3 selector: matchLabels: control-plane: controller-manager 
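Review bot: In manifests/deployment.yaml the `@@ -1,28 +1,14 @@` hunk drops the Apache 2.0 license header and the `# kpt-set: ${replicas}` setter comment, and the remaining `# kpt-set:` comments are removed the same way in the `@@ -30,41 +16,26 @@` and `@@ -74,23 +45,31 @@` hunks. Values that shared one setter, for example `prometheus.io/port: "8888"` and `--metrics-addr=:8888` (both `${metrics-port}`), or `--port=8443` and `containerPort: 8443` (both `${port}`), are now independent literals that must be kept in sync by hand. Anyone fetching the package with `kpt pkg get` presumably can no longer change them through setters. The alphabetised keys suggest the file is now rendered output rather than hand-maintained source. If so, keep the license header and add a first-line comment such as `# Rendered for release v0.1.12; edit the source manifests, not this file`, so a later manual edit does not silently diverge from what the release tooling produces.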
@@ -30,41 +16,26 @@ spec: digester/system: "yes" template: metadata: + annotations: + prometheus.io/port: "8888" labels: control-plane: controller-manager digester/operation: webhook digester/system: "yes" - annotations: - prometheus.io/port: "8888" # kpt-set: ${metrics-port} spec: - serviceAccountName: digester-admin - nodeSelector: - kubernetes.io/os: linux containers: - - name: manager - image: k8s-digester # kpt-set: ${image} - args: + - args: - webhook - - --cert-dir=/certs # kpt-set: --cert-dir=${cert-dir} - - --disable-cert-rotation=false # kpt-set: --disable-cert-rotation=${disable-cert-rotation} - - --dry-run=false # kpt-set: --dry-run=${dry-run} - - --health-addr=:9090 # kpt-set: --health-addr=:${health-port} - - --metrics-addr=:8888 # kpt-set: --metrics-addr=:${metrics-port} - - --offline=false # kpt-set: --offline=${offline} - - --port=8443 # kpt-set: --port=${port} - ports: - - name: webhook-server - protocol: TCP - containerPort: 8443 # kpt-set: ${port} - - name: metrics - protocol: TCP - containerPort: 8888 # kpt-set: ${metrics-port} - - name: healthz - protocol: TCP - containerPort: 9090 # kpt-set: ${health-port} + - --cert-dir=/certs + - --disable-cert-rotation=false + - --dry-run=false + - --health-addr=:9090 + - --metrics-addr=:8888 + - --offline=false + - --port=8443 env: - name: DEBUG - value: "false" # kpt-set: ${debug} + value: "false" - name: POD_NAME valueFrom: fieldRef: 
@@ -74,23 +45,31 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - resources: - requests: - cpu: 100m # kpt-set: ${request-cpu} - ephemeral-storage: 256Mi # kpt-set: ${request-ephemeral-storage} - memory: 256Mi # kpt-set: ${request-memory} - volumeMounts: - - name: cert - readOnly: true - mountPath: /certs # kpt-set: ${cert-dir} + image: ghcr.io/google/k8s-digester:v0.1.12@sha256:1bdd3e2442f3f4087502bf525537f32bdf02e595f47c6ae9ed32771d2455b3cb livenessProbe: httpGet: - port: healthz path: /healthz + port: healthz + name: manager + ports: + - containerPort: 8443 + name: webhook-server + protocol: TCP + - containerPort: 8888 + name: metrics + protocol: TCP + - containerPort: 9090 + name: healthz + protocol: TCP readinessProbe: httpGet: - port: healthz path: /readyz + port: healthz + resources: + requests: + cpu: 100m + ephemeral-storage: 256Mi + memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities: @@ -100,6 +79,13 @@ spec: runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 + volumeMounts: + - mountPath: /certs + name: cert + readOnly: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: digester-admin volumes: - name: cert secret:
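Review bot: The new `image:` line in the `@@ -74,23 +45,31 @@` hunk carries both a tag and a `sha256:` digest. When both are present the pull is resolved by digest, so `v0.1.12` is only a label, and nothing visible in this commit ties it to that digest. This Deployment runs the admission webhook under the `digester-admin` service account, so a tag and digest that drift apart on a later bump would change what runs in the cluster while the line still reads as the expected release. If the file is edited by hand, a comment above the line such as `# digest is authoritative; update it together with the tag on every release` would record the rule. If it is rendered by release tooling, that tooling is the place to verify the digest against the published image before committing. The container spec continues outside this hunk.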