Fix and unify service port definitions

sysdiglabs · Jul 12, 2023 · ec25175 · ec25175
1 parent ee05217
commit ec25175
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 6 deletions.
diff --git a/charts/admission-controller/templates/webhook/admissionregistration.yaml b/charts/admission-controller/templates/webhook/admissionregistration.yaml
@@ -42,7 +42,7 @@ webhooks:
       namespace: {{ include "admissionController.namespace" . }}
       name: {{ include "admissionController.webhook.fullname" . }}
       path: /validate
-      port: 7443
+      port:  {{ .Values.webhook.v2.service.port }}
     caBundle: {{ $certList._2 }}
 
   admissionReviewVersions: ["v1", "v1beta1"]
@@ -78,6 +78,7 @@ webhooks:
       namespace: {{ include "admissionController.namespace" . }}
       name: {{ include "admissionController.webhook.fullname" . }}
       path: /allow-pod
+      port:  {{ .Values.webhook.service.port }}
     caBundle: {{ $certList._2 }}
   admissionReviewVersions: ["v1", "v1beta1"]
   sideEffects: None
@@ -100,6 +101,7 @@ webhooks:
       namespace: {{ include "admissionController.namespace" . }}
       name: {{ include "admissionController.webhook.fullname" . }}
       path: /k8s-audit
+      port:  {{ .Values.webhook.service.port }}
     caBundle: {{ $certList._2 }}
   admissionReviewVersions: ["v1", "v1beta1"]
   sideEffects: None

diff --git a/charts/admission-controller/templates/webhook/configmap.yaml b/charts/admission-controller/templates/webhook/configmap.yaml
@@ -20,7 +20,7 @@ data:
   DRY_RUN: "{{ .Values.webhook.dryRun }}"
   HTTP_TIMEOUT: "{{ .Values.webhook.timeoutSeconds }}s"
   {{- if .Values.features.kspmAdmissionController}}
-  SERVICE_PORT: "{{.Values.webhook.v2.container.port}}"
+  SERVICE_PORT: "{{ .Values.webhook.v2.http.port }}"
   CERT_LOCATION: /cert
   EXTERNAL_NATS_URL:  {{ include "admissionController.natsUrl" . }}
   NATS_INSECURE: "{{.Values.webhook.v2.nats.insecure}}"

diff --git a/charts/admission-controller/templates/webhook/deployment.yaml b/charts/admission-controller/templates/webhook/deployment.yaml
@@ -64,7 +64,7 @@ spec:
               value: {{ include "webhook.noProxy" . }},{{ include "admissionController.scanner.fullname" . }}
             {{- end }}
           ports:
-            - containerPort: 7443
+            - containerPort: {{ .Values.webhook.v2.http.port }}
               protocol: TCP
               name: vac
           envFrom:

diff --git a/charts/admission-controller/templates/webhook/service.yaml b/charts/admission-controller/templates/webhook/service.yaml
@@ -9,7 +9,7 @@ spec:
   type: {{ .Values.webhook.service.type }}
   ports:
   - name: vac
-    port: 7443
+    port: {{ .Values.webhook.v2.service.port }}
     targetPort: vac
   - name: http
     port: {{ .Values.webhook.service.port }}

diff --git a/charts/admission-controller/values.yaml b/charts/admission-controller/values.yaml
@@ -134,11 +134,18 @@ webhook:
     denyOnError: false
     timeoutSeconds: 5
     nats:
-      insecure: "true"
+      insecure: false
       url: ""
+    service:
+      # Use this type as webhook service
+      type: ClusterIP
+      # Configure port for the V2 webhook service
+      port: 7443
+    http:
+      # HTTP serve port where the requests will be served from
+      port: 7443
     container:
       name: secure-admission-controller
-      port: 7443
       image: quay.io/sysdig/secure-admission-controller:1.26.0-rc
   # Service name for Webhook deployment
   name: webhook