| Giorgi Lekveishvili | d1234c1 | 2023-06-19 10:37:06 +0400 | [diff] [blame] | 1 | apiVersion: admissionregistration.k8s.io/v1 |
| 2 | kind: MutatingWebhookConfiguration |
| 3 | metadata: |
| 4 | name: {{ include "webhook.fullname" . }} |
| 5 | labels: |
| 6 | app: {{ include "webhook.name" . }} |
| 7 | app.kubernetes.io/name: {{ include "webhook.name" . }} |
| 8 | app.kubernetes.io/instance: {{ .Release.Name }} |
| 9 | app.kubernetes.io/component: "webhook" |
| 10 | {{- include "labels" . | nindent 4 }} |
| 11 | annotations: |
| 12 | cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote }} |
| 13 | {{- with .Values.webhook.mutatingWebhookConfigurationAnnotations }} |
| 14 | {{- toYaml . | nindent 4 }} |
| 15 | {{- end }} |
| 16 | webhooks: |
| 17 | - name: webhook.cert-manager.io |
| 18 | rules: |
| 19 | - apiGroups: |
| 20 | - "cert-manager.io" |
| 21 | - "acme.cert-manager.io" |
| 22 | apiVersions: |
| 23 | - "v1" |
| 24 | operations: |
| 25 | - CREATE |
| 26 | - UPDATE |
| 27 | resources: |
| 28 | - "*/*" |
| 29 | admissionReviewVersions: ["v1"] |
| 30 | # This webhook only accepts v1 cert-manager resources. |
| 31 | # Equivalent matchPolicy ensures that non-v1 resource requests are sent to |
| 32 | # this webhook (after the resources have been converted to v1). |
| 33 | matchPolicy: Equivalent |
| 34 | timeoutSeconds: {{ .Values.webhook.timeoutSeconds }} |
| 35 | failurePolicy: Fail |
| 36 | # Only include 'sideEffects' field in Kubernetes 1.12+ |
| 37 | sideEffects: None |
| 38 | clientConfig: |
| 39 | {{- if .Values.webhook.url.host }} |
| 40 | url: https://{{ .Values.webhook.url.host }}/mutate |
| 41 | {{- else }} |
| 42 | service: |
| 43 | name: {{ template "webhook.fullname" . }} |
| 44 | namespace: {{ include "cert-manager.namespace" . }} |
| 45 | path: /mutate |
| 46 | {{- end }} |