Skip to content

Commit

Permalink
Resync access and admin related examples files
Browse files Browse the repository at this point in the history
  • Loading branch information
@mengjiao-liu @moreirayokoyama
mengjiao-liu authored and moreirayokoyama committed Sep 19, 2024
1 parent cffeffe commit dc8cbfe
Show file tree
Hide file tree
Showing 6 changed files with 36 additions and 19 deletions.
2 changes: 1 addition & 1 deletion content/zh-cn/examples/access/deployment-replicas-policy.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: admissionregistration.k8s.io/v1alpha1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
name: "deploy-replica-policy.example.com"
Expand Down
2 changes: 1 addition & 1 deletion content/zh-cn/examples/access/image-matches-namespace-environment.policy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
# 例如,如果命名空间的标签为 {"environment": "staging"},则所有容器镜像必须是
# staging.example.com/* 或根本不包含 “example.com”,除非 Deployment 有
# {"exempt": "true"} 标签。
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
name: "image-matches-namespace-environment.policy.example.com"
Expand Down
8 changes: 5 additions & 3 deletions content/zh-cn/examples/access/validating-admission-policy-audit-annotation.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: admissionregistration.k8s.io/v1alpha1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
name: "demo-policy.example.com"
Expand All @@ -11,6 +11,8 @@ spec:
operations: ["CREATE", "UPDATE"]
resources: ["deployments"]
validations:
- key: "high-replica-count"
expression: "object.spec.replicas > 50"
- expression: "object.spec.replicas > 50"
messageExpression: "'Deployment spec.replicas set to ' + string(object.spec.replicas)"
auditAnnotations:
- key: "high-replica-count"
valueExpression: "'Deployment spec.replicas set to ' + string(object.spec.replicas)"
2 changes: 1 addition & 1 deletion content/zh-cn/examples/access/validating-admission-policy-match-conditions.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
apiVersion: admissionregistration.k8s.io/v1alpha1
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
name: "demo-policy.example.com"
Expand Down
1 change: 1 addition & 0 deletions content/zh-cn/examples/admin/resource/limit-range-pod-3.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ spec:
containers:
- name: busybox-cnt01
image: busybox:1.28
command: ["sleep", "3600"]
resources:
limits:
memory: "300Mi"
Expand Down
40 changes: 27 additions & 13 deletions content/zh-cn/examples/admin/sched/my-scheduler.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,33 @@ roleRef:
name: system:kube-scheduler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-scheduler-as-volume-scheduler
subjects:
- kind: ServiceAccount
name: my-scheduler
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:volume-scheduler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: my-scheduler-extension-apiserver-authentication-reader
namespace: kube-system
roleRef:
kind: Role
name: extension-apiserver-authentication-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: my-scheduler
namespace: kube-system
---
apiVersion: v1
kind: ConfigMap
metadata:
Expand All @@ -31,19 +58,6 @@ data:
leaderElection:
leaderElect: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: my-scheduler-as-volume-scheduler
subjects:
- kind: ServiceAccount
name: my-scheduler
namespace: kube-system
roleRef:
kind: ClusterRole
name: system:volume-scheduler
apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down

0 comments on commit dc8cbfe

Please sign in to comment.