You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
55 lines
1.8 KiB
55 lines
1.8 KiB
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
name: {{ include "webhook.fullname" . }}
|
|
labels:
|
|
app: {{ include "webhook.name" . }}
|
|
app.kubernetes.io/name: {{ include "webhook.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: "webhook"
|
|
{{- include "labels" . | nindent 4 }}
|
|
annotations:
|
|
cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca"
|
|
{{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
webhooks:
|
|
- name: webhook.cert-manager.io
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: "cert-manager.io/disable-validation"
|
|
operator: "NotIn"
|
|
values:
|
|
- "true"
|
|
- key: "name"
|
|
operator: "NotIn"
|
|
values:
|
|
- {{ .Release.Namespace }}
|
|
rules:
|
|
- apiGroups:
|
|
- "cert-manager.io"
|
|
- "acme.cert-manager.io"
|
|
apiVersions:
|
|
- "v1"
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- "*/*"
|
|
admissionReviewVersions: ["v1"]
|
|
# This webhook only accepts v1 cert-manager resources.
|
|
# Equivalent matchPolicy ensures that non-v1 resource requests are sent to
|
|
# this webhook (after the resources have been converted to v1).
|
|
matchPolicy: Equivalent
|
|
timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
|
|
failurePolicy: Fail
|
|
sideEffects: None
|
|
clientConfig:
|
|
{{- if .Values.webhook.url.host }}
|
|
url: https://{{ .Values.webhook.url.host }}/validate
|
|
{{- else }}
|
|
service:
|
|
name: {{ template "webhook.fullname" . }}
|
|
namespace: {{ .Release.Namespace | quote }}
|
|
path: /validate
|
|
{{- end }}
|
|
|