projectcontour · sunjayBhatia · Jun 6, 2023 · May 10, 2023 · May 10, 2023 · May 10, 2023
@@ -3,22 +3,22 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: gateway-api-admission
 webhooks:
-  - name: validate.gateway.networking.k8s.io
-    matchPolicy: Equivalent
-    rules:
-      - operations: [ "CREATE" , "UPDATE" ]
-        apiGroups: [ "gateway.networking.k8s.io" ]
-        apiVersions: [ "v1alpha2", "v1beta1" ]
-        resources: [ "gateways", "gatewayclasses", "httproutes" ]
-    failurePolicy: Fail
-    sideEffects: None
-    admissionReviewVersions:
-      - v1
-    clientConfig:
-      service:
-        name: gateway-api-admission-server
-        namespace: gateway-system
-        path: "/validate"
+- name: validate.gateway.networking.k8s.io
+  matchPolicy: Equivalent
+  rules:
+  - operations: [ "CREATE" , "UPDATE" ]
+    apiGroups: [ "gateway.networking.k8s.io" ]
+    apiVersions: [ "v1alpha2", "v1beta1" ]
+    resources: [ "gateways", "gatewayclasses", "httproutes" ]
+  failurePolicy: Fail
+  sideEffects: None
+  admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: gateway-api-admission-server
+      namespace: gateway-system
+      path: "/validate"
 ---
 apiVersion: v1
 kind: Service
@@ -30,9 +30,9 @@ metadata:
 spec:
   type: ClusterIP
   ports:
-    - name: https-webhook
-      port: 443
-      targetPort: 8443
+  - name: https-webhook
+    port: 443
+    targetPort: 8443
   selector:
     name: gateway-api-admission-server
 ---
@@ -55,32 +55,32 @@ spec:
         name: gateway-api-admission-server
     spec:
       containers:
-        - name: webhook
-          image: gcr.io/k8s-staging-gateway-api/admission-server:v0.6.2
-          imagePullPolicy: Always
-          args:
-            - -logtostderr
-            - --tlsCertFile=/etc/certs/cert
-            - --tlsKeyFile=/etc/certs/key
-            - -v=10
-            - 2>&1
-          ports:
-            - containerPort: 8443
-              name: webhook
-          resources:
-            limits:
-              memory: 50Mi
-              cpu: 100m
-            requests:
-              memory: 50Mi
-              cpu: 100m
-          volumeMounts:
-            - name: webhook-certs
-              mountPath: /etc/certs
-              readOnly: true
-          securityContext:
-            readOnlyRootFilesystem: true
-      volumes:
+      - name: webhook
+        image: registry.k8s.io/gateway-api/admission-server:v0.7.1
+        imagePullPolicy: Always
+        args:
+        - -logtostderr
+        - --tlsCertFile=/etc/certs/cert
+        - --tlsKeyFile=/etc/certs/key
+        - -v=10
+        - 2>&1
+        ports:
+        - containerPort: 8443
+          name: webhook
+        resources:
+          limits:
+            memory: 50Mi
+            cpu: 100m
+          requests:
+            memory: 50Mi
+            cpu: 100m
+        volumeMounts:
         - name: webhook-certs
-          secret:
-            secretName: gateway-api-admission
+          mountPath: /etc/certs
+          readOnly: true
+        securityContext:
+          readOnlyRootFilesystem: true
+      volumes:
+      - name: webhook-certs
+        secret:
+          secretName: gateway-api-admission
@@ -13,13 +13,13 @@ metadata:
   labels:
     name: gateway-api
 rules:
-  - apiGroups:
-      - admissionregistration.k8s.io
-    resources:
-      - validatingwebhookconfigurations
-    verbs:
-      - get
-      - update
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -33,9 +33,9 @@ roleRef:
   kind: ClusterRole
   name: gateway-api-admission
 subjects:
-  - kind: ServiceAccount
-    name: gateway-api-admission
-    namespace: gateway-system
+- kind: ServiceAccount
+  name: gateway-api-admission
+  namespace: gateway-system
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -46,13 +46,13 @@ metadata:
     name: gateway-api-webhook
   namespace: gateway-system
 rules:
-  - apiGroups:
-      - ''
-    resources:
-      - secrets
-    verbs:
-      - get
-      - create
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  verbs:
+  - get
+  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -67,9 +67,9 @@ roleRef:
   kind: Role
   name: gateway-api-admission
 subjects:
-  - kind: ServiceAccount
-    name: gateway-api-admission
-    namespace: gateway-system
+- kind: ServiceAccount
+  name: gateway-api-admission
+  namespace: gateway-system
 ---
 apiVersion: batch/v1
 kind: Job
@@ -87,19 +87,19 @@ spec:
         name: gateway-api-webhook
     spec:
       containers:
-        - name: create
-          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
-          imagePullPolicy: IfNotPresent
-          args:
-            - create
-            - --host=gateway-api-admission-server,gateway-api-admission-server.gateway-system.svc
-            - --namespace=gateway-system
-            - --secret-name=gateway-api-admission
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
+      - name: create
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+        imagePullPolicy: IfNotPresent
+        args:
+        - create
+        - --host=gateway-api-admission-server,gateway-api-admission-server.gateway-system.svc
+        - --namespace=gateway-system
+        - --secret-name=gateway-api-admission
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
       restartPolicy: OnFailure
       serviceAccountName: gateway-api-admission
       securityContext:
@@ -121,22 +121,22 @@ spec:
         name: gateway-api-webhook
     spec:
       containers:
-        - name: patch
-          image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
-          imagePullPolicy: IfNotPresent
-          args:
-            - patch
-            - --webhook-name=gateway-api-admission
-            - --namespace=gateway-system
-            - --patch-mutating=false
-            - --patch-validating=true
-            - --secret-name=gateway-api-admission
-            - --patch-failure-policy=Fail
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
+      - name: patch
+        image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.1.1
+        imagePullPolicy: IfNotPresent
+        args:
+        - patch
+        - --webhook-name=gateway-api-admission
+        - --namespace=gateway-system
+        - --patch-mutating=false
+        - --patch-validating=true
+        - --secret-name=gateway-api-admission
+        - --patch-failure-policy=Fail
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
       restartPolicy: OnFailure
       serviceAccountName: gateway-api-admission
       securityContext: