mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-15 19:04:23 -05:00
56 lines
1.8 KiB
YAML
56 lines
1.8 KiB
YAML
|
apiVersion: admissionregistration.k8s.io/v1
|
||
|
kind: ValidatingWebhookConfiguration
|
||
|
metadata:
|
||
|
name: {{ include "webhook.fullname" . }}
|
||
|
labels:
|
||
|
app: {{ include "webhook.name" . }}
|
||
|
app.kubernetes.io/name: {{ include "webhook.name" . }}
|
||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||
|
app.kubernetes.io/component: "webhook"
|
||
|
{{- include "labels" . | nindent 4 }}
|
||
|
annotations:
|
||
|
cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote}}
|
||
|
{{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
|
||
|
{{- toYaml . | nindent 4 }}
|
||
|
{{- end }}
|
||
|
webhooks:
|
||
|
- name: webhook.cert-manager.io
|
||
|
namespaceSelector:
|
||
|
matchExpressions:
|
||
|
- key: "cert-manager.io/disable-validation"
|
||
|
operator: "NotIn"
|
||
|
values:
|
||
|
- "true"
|
||
|
- key: "name"
|
||
|
operator: "NotIn"
|
||
|
values:
|
||
|
- {{ include "cert-manager.namespace" . }}
|
||
|
rules:
|
||
|
- apiGroups:
|
||
|
- "cert-manager.io"
|
||
|
- "acme.cert-manager.io"
|
||
|
apiVersions:
|
||
|
- "v1"
|
||
|
operations:
|
||
|
- CREATE
|
||
|
- UPDATE
|
||
|
resources:
|
||
|
- "*/*"
|
||
|
admissionReviewVersions: ["v1"]
|
||
|
# This webhook only accepts v1 cert-manager resources.
|
||
|
# Equivalent matchPolicy ensures that non-v1 resource requests are sent to
|
||
|
# this webhook (after the resources have been converted to v1).
|
||
|
matchPolicy: Equivalent
|
||
|
timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
|
||
|
failurePolicy: Fail
|
||
|
sideEffects: None
|
||
|
clientConfig:
|
||
|
{{- if .Values.webhook.url.host }}
|
||
|
url: https://{{ .Values.webhook.url.host }}/validate
|
||
|
{{- else }}
|
||
|
service:
|
||
|
name: {{ template "webhook.fullname" . }}
|
||
|
namespace: {{ include "cert-manager.namespace" . }}
|
||
|
path: /validate
|
||
|
{{- end }}
|