add conversionWebhookService

Signed-off-by: Jan-Otto Kröpke <[email protected]>
prometheus-community · May 9, 2024 · 49a53a1 · 49a53a1
1 parent 9a3007f
commit 49a53a1
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 25 deletions.
diff --git a/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml b/charts/kube-prometheus-stack/templates/prometheus-operator/service.yaml
@@ -2,41 +2,39 @@
 apiVersion: v1
 kind: Service
 metadata:
+  {{- if .Values.prometheusOperator.service.annotations }}
+  annotations:
+    {{- toYaml .Values.prometheusOperator.service.annotations | nindent 4 }}
+  {{- end }}
   name: {{ template "kube-prometheus-stack.operator.fullname" . }}
   namespace: {{ template "kube-prometheus-stack.namespace" . }}
   labels:
     {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
-{{- if .Values.prometheusOperator.service.labels }}
-{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }}
-{{- end }}
-{{- if .Values.prometheusOperator.service.annotations }}
-  annotations:
-{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }}
-{{- end }}
+    {{- with .Values.prometheusOperator.service.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
-{{- if .Values.prometheusOperator.service.clusterIP }}
-  clusterIP: {{ .Values.prometheusOperator.service.clusterIP }}
-{{- end }}
-{{- if .Values.prometheusOperator.service.ipDualStack.enabled }}
+  {{- with .Values.prometheusOperator.service.clusterIP }}
+  clusterIP: {{ . }}
+  {{- end }}
+  {{- if .Values.prometheusOperator.service.ipDualStack.enabled }}
   ipFamilies: {{ toYaml .Values.prometheusOperator.service.ipDualStack.ipFamilies | nindent 4 }}
   ipFamilyPolicy: {{ .Values.prometheusOperator.service.ipDualStack.ipFamilyPolicy }}
-{{- end }}
-{{- if .Values.prometheusOperator.service.externalIPs }}
+  {{- end }}
+  {{- with .Values.prometheusOperator.service.externalIPs }}
   externalIPs:
-{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.prometheusOperator.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }}
-{{- end }}
-{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.prometheusOperator.service.loadBalancerIP }}
+  loadBalancerIP: {{ . }}
+  {{- end }}
+  {{- with .Values.prometheusOperator.service.loadBalancerSourceRanges }}
   loadBalancerSourceRanges:
-  {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }}
-    - {{ $cidr }}
+    {{- toYaml . | nindent 4 }}
   {{- end }}
-{{- end }}
-{{- if ne .Values.prometheusOperator.service.type "ClusterIP" }}
+  {{- if ne .Values.prometheusOperator.service.type "ClusterIP" }}
   externalTrafficPolicy: {{ .Values.prometheusOperator.service.externalTrafficPolicy }}
-{{- end }}
+  {{- end }}
   ports:
   {{- if not .Values.prometheusOperator.tls.enabled }}
   - name: http
@@ -58,4 +56,35 @@ spec:
     app: {{ template "kube-prometheus-stack.name" . }}-operator
     release: {{ $.Release.Name | quote }}
   type: "{{ .Values.prometheusOperator.service.type }}"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  {{- with .Values.prometheusOperator.conversionWebhookService.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  name: prometheus-operator-admission-webhook
+  namespace: {{ template "kube-prometheus-stack.namespace" . }}
+  labels:
+    {{- include "kube-prometheus-stack.prometheus-operator.labels" . | nindent 4 }}
+  {{- with .Values.prometheusOperator.conversionWebhookService.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.prometheusOperator.conversionWebhookService.clusterIP }}
+  clusterIP: {{ . }}
+  {{- end }}
+  {{- if .Values.prometheusOperator.conversionWebhookService.ipDualStack.enabled }}
+  ipFamilies: {{ toYaml .Values.prometheusOperator.conversionWebhookService.ipDualStack.ipFamilies | nindent 4 }}
+  ipFamilyPolicy: {{ .Values.prometheusOperator.conversionWebhookService.ipDualStack.ipFamilyPolicy }}
+  {{- end }}
+  ports:
+    - name: https
+      port: 8443
+      targetPort: https
+  selector:
+    app: {{ template "kube-prometheus-stack.name" . }}-operator{{ if .Values.prometheusOperator.admissionWebhooks.deployment.enabled }}-webhook{{ end }}
+    release: {{ $.Release.Name | quote }}
+  type: ClusterIP
 {{- end }}
diff --git a/charts/kube-prometheus-stack/values.yaml b/charts/kube-prometheus-stack/values.yaml
@@ -2482,7 +2482,7 @@ prometheusOperator:
           drop:
           - ALL
 
-      # Security context for patch job container
+    # Security context for patch job container
     patchWebhookJob:
       securityContext:
         allowPrivilegeEscalation: false
@@ -2503,6 +2503,15 @@ prometheusOperator:
       #   name: "issuer"
       #   kind: "ClusterIssuer"
 
+  conversionWebhookService:
+    annotations: { }
+    labels: { }
+    clusterIP: ""
+    ipDualStack:
+      enabled: false
+      ipFamilies: [ "IPv6", "IPv4" ]
+      ipFamilyPolicy: "PreferDualStack"
+
   ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list).
   ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration
   ##