blob: 712f74fdd32031652fab29507b2d4c7d124d1c03 [file] [log] [blame]
Giorgi Lekveishvili725bb392023-05-05 18:24:27 +04001{{- if .Values.controller.admissionWebhooks.enabled -}}
2# before changing this value, check the required kubernetes version
3# https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
4apiVersion: admissionregistration.k8s.io/v1
5kind: ValidatingWebhookConfiguration
6metadata:
7 {{- if .Values.controller.admissionWebhooks.annotations }}
8 annotations: {{ toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
9 {{- end }}
10 labels:
11 {{- include "ingress-nginx.labels" . | nindent 4 }}
12 app.kubernetes.io/component: admission-webhook
13 name: {{ include "ingress-nginx.fullname" . }}-admission
14webhooks:
15 - name: validate.nginx.ingress.kubernetes.io
16 matchPolicy: Equivalent
17 rules:
18 - apiGroups:
19 - networking.k8s.io
20 apiVersions:
21 - v1
22 operations:
23 - CREATE
24 - UPDATE
25 resources:
26 - ingresses
27 failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
28 sideEffects: None
29 admissionReviewVersions:
30 - v1
31 clientConfig:
32 service:
33 namespace: {{ .Release.Namespace | quote }}
34 name: {{ include "ingress-nginx.controller.fullname" . }}-admission
35 path: /networking/v1/ingresses
36 {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
37 timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
38 {{- end }}
39 {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
40 namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
41 {{- end }}
42 {{- if .Values.controller.admissionWebhooks.objectSelector }}
43 objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
44 {{- end }}
45{{- end }}