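# ValidatingWebhookConfiguration for the cert-manager webhook.
# Registers the /validate endpoint with the API server for CREATE and UPDATE
# requests on cert-manager.io and acme.cert-manager.io resources.
#
# Templated string scalars are piped through `quote` so that a release name or
# namespace made only of digits (or one that reads as a boolean) still renders
# as a YAML string rather than an int/bool that the API server would reject.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: {{ include "webhook.fullname" . | quote }}
  labels:
    app: {{ include "webhook.name" . | quote }}
    app.kubernetes.io/name: {{ include "webhook.name" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/component: "webhook"
    {{- include "labels" . | nindent 4 }}
  annotations:
    # Names the secret (<cert-manager namespace>/<webhook fullname>-ca) whose CA
    # is to be injected into this configuration, so the API server can verify
    # the webhook's serving certificate.
    cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote }}
    {{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
webhooks:
  - name: webhook.cert-manager.io
    # Both expressions must hold for a namespace to be validated.
    namespaceSelector:
      matchExpressions:
        # Opt-out switch: a namespace labelled
        # cert-manager.io/disable-validation=true is never sent to this
        # webhook. Anyone allowed to label namespaces can therefore turn
        # validation off for that namespace; restrict and audit that permission.
        - key: "cert-manager.io/disable-validation"
          operator: "NotIn"
          values:
            - "true"
        # Skips namespaces whose `name` label equals the cert-manager namespace.
        # NOTE(review): this matches a label literally called `name`, not the
        # namespace's own name; Kubernetes does not set that label
        # automatically, and any namespace carrying it with this value is
        # skipped as well. Confirm the labelling if this exclusion is relied on.
        - key: "name"
          operator: "NotIn"
          values:
            - {{ include "cert-manager.namespace" . | quote }}
    rules:
      - apiGroups:
          - "cert-manager.io"
          - "acme.cert-manager.io"
        apiVersions:
          - "v1"
        operations:
          - CREATE
          - UPDATE
        # Every resource and subresource in the two API groups above.
        resources:
          - "*/*"
    admissionReviewVersions: ["v1"]
    # This webhook only accepts v1 cert-manager resources.
    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
    # this webhook (after the resources have been converted to v1).
    matchPolicy: Equivalent
    # Left unquoted: the API expects an integer here.
    timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
    # Fail closed: if the webhook cannot be reached, errors or times out, the
    # request is rejected rather than admitted unvalidated. Webhook availability
    # therefore gates every CREATE/UPDATE matched by the rules above.
    failurePolicy: Fail
    sideEffects: None
    # The API server calls either an explicit URL (when webhook.url.host is set)
    # or the in-cluster webhook Service; both use the /validate path.
    clientConfig:
      {{- if .Values.webhook.url.host }}
      url: "https://{{ .Values.webhook.url.host }}/validate"
      {{- else }}
      service:
        name: {{ include "webhook.fullname" . | quote }}
        namespace: {{ include "cert-manager.namespace" . | quote }}
        path: /validate
      {{- end }}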