Skip to content

Commit

Permalink
Cherry-pick: Fix the requirement for VAP
Browse files Browse the repository at this point in the history 
Signed-off-by: Varsha Prasad Narsing <[email protected]>
  • Loading branch information
@varshaprasad96
varshaprasad96 committed Jan 15, 2025
1 parent 3c49a16 commit 123a4ee
Show file tree
Hide file tree
Showing 41 changed files with 3,123 additions and 12 deletions.
9 changes: 0 additions & 9 deletions config/components/rbac/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,15 +78,6 @@ rules:
- list
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingadmissionpolicies
- validatingadmissionpolicybindings
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling.x-k8s.io
resources:
Expand Down
2 changes: 0 additions & 2 deletions pkg/util/cert/cert.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,6 @@ const (
// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;update
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=mutatingwebhookconfigurations,verbs=get;list;watch;update
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingwebhookconfigurations,verbs=get;list;watch;update
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingadmissionpolicies,verbs=get;list;watch
// +kubebuilder:rbac:groups="admissionregistration.k8s.io",resources=validatingadmissionpolicybindings,verbs=get;list;watch

// ManageCerts creates all certs for webhooks. This function is called from main.go.
func ManageCerts(mgr ctrl.Manager, cfg config.Configuration, setupFinished chan struct{}) error {
Expand Down
14 changes: 13 additions & 1 deletion pkg/visibility/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ import (
"os"
"strings"

validatingadmissionpolicy "k8s.io/apiserver/pkg/admission/plugin/policy/validating"
"k8s.io/apiserver/pkg/admission/plugin/resourcequota"
mutatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating"
validatingwebhook "k8s.io/apiserver/pkg/admission/plugin/webhook/validating"
openapinamer "k8s.io/apiserver/pkg/endpoints/openapi"
genericapiserver "k8s.io/apiserver/pkg/server"
genericoptions "k8s.io/apiserver/pkg/server/options"
Expand All @@ -41,6 +45,14 @@ import (

var (
setupLog = ctrl.Log.WithName("visibility-server")
// Admission plugins that are enabled by default in the kubeapi server
// but are not required for the visibility server.
disabledPlugins = []string{
validatingadmissionpolicy.PluginName,
resourcequota.PluginName,
validatingwebhook.PluginName,
mutatingwebhook.PluginName,
}
)

// +kubebuilder:rbac:groups=flowcontrol.apiserver.k8s.io,resources=prioritylevelconfigurations,verbs=list;watch
Expand Down Expand Up @@ -81,7 +93,7 @@ func applyVisibilityServerOptions(config *genericapiserver.RecommendedConfig) er
o.SecureServing.BindPort = 8082
// The directory where TLS certs will be created
o.SecureServing.ServerCert.CertDirectory = "/tmp"

o.Admission.DisablePlugins = disabledPlugins
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
return fmt.Errorf("error creating self-signed certificates: %v", err)
}
Expand Down
171 changes: 171 additions & 0 deletions vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/admission.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

9 changes: 9 additions & 0 deletions vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/OWNERS
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/doc.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

42 changes: 42 additions & 0 deletions ...k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/install/install.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

51 changes: 51 additions & 0 deletions vendor/k8s.io/apiserver/pkg/admission/plugin/resourcequota/apis/resourcequota/register.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 123a4ee

Please sign in to comment.