| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 1 | {{- if and .Values.controller.admissionWebhooks.enabled .Values.controller.admissionWebhooks.patch.enabled (not .Values.controller.admissionWebhooks.certManager.enabled) -}} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 2 | apiVersion: batch/v1 |
| 3 | kind: Job |
| 4 | metadata: |
| 5 | name: {{ include "ingress-nginx.fullname" . }}-admission-patch |
| 6 | namespace: {{ .Release.Namespace }} |
| 7 | annotations: |
| 8 | "helm.sh/hook": post-install,post-upgrade |
| 9 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 10 | {{- with .Values.controller.admissionWebhooks.annotations }} |
| 11 | {{- toYaml . | nindent 4 }} |
| 12 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 13 | labels: |
| 14 | {{- include "ingress-nginx.labels" . | nindent 4 }} |
| 15 | app.kubernetes.io/component: admission-webhook |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 16 | {{- with .Values.controller.admissionWebhooks.patch.labels }} |
| 17 | {{- toYaml . | nindent 4 }} |
| 18 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 19 | spec: |
| 20 | {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} |
| 21 | # Alpha feature since k8s 1.12 |
| 22 | ttlSecondsAfterFinished: 0 |
| 23 | {{- end }} |
| 24 | template: |
| 25 | metadata: |
| 26 | name: {{ include "ingress-nginx.fullname" . }}-admission-patch |
| 27 | {{- if .Values.controller.admissionWebhooks.patch.podAnnotations }} |
| 28 | annotations: {{ toYaml .Values.controller.admissionWebhooks.patch.podAnnotations | nindent 8 }} |
| 29 | {{- end }} |
| 30 | labels: |
| 31 | {{- include "ingress-nginx.labels" . | nindent 8 }} |
| 32 | app.kubernetes.io/component: admission-webhook |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 33 | {{- with .Values.controller.admissionWebhooks.patch.labels }} |
| 34 | {{- toYaml . | nindent 8 }} |
| 35 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 36 | spec: |
| 37 | {{- if .Values.controller.admissionWebhooks.patch.priorityClassName }} |
| 38 | priorityClassName: {{ .Values.controller.admissionWebhooks.patch.priorityClassName }} |
| 39 | {{- end }} |
| 40 | {{- if .Values.imagePullSecrets }} |
| 41 | imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }} |
| 42 | {{- end }} |
| 43 | containers: |
| 44 | - name: patch |
| 45 | {{- with .Values.controller.admissionWebhooks.patch.image }} |
| 46 | image: "{{- if .repository -}}{{ .repository }}{{ else }}{{ .registry }}/{{ .image }}{{- end -}}:{{ .tag }}{{- if (.digest) -}} @{{.digest}} {{- end -}}" |
| 47 | {{- end }} |
| 48 | imagePullPolicy: {{ .Values.controller.admissionWebhooks.patch.image.pullPolicy }} |
| 49 | args: |
| 50 | - patch |
| 51 | - --webhook-name={{ include "ingress-nginx.fullname" . }}-admission |
| 52 | - --namespace=$(POD_NAMESPACE) |
| 53 | - --patch-mutating=false |
| 54 | - --secret-name={{ include "ingress-nginx.fullname" . }}-admission |
| 55 | - --patch-failure-policy={{ .Values.controller.admissionWebhooks.failurePolicy }} |
| 56 | env: |
| 57 | - name: POD_NAMESPACE |
| 58 | valueFrom: |
| 59 | fieldRef: |
| 60 | fieldPath: metadata.namespace |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 61 | {{- if .Values.controller.admissionWebhooks.extraEnvs }} |
| 62 | {{- toYaml .Values.controller.admissionWebhooks.extraEnvs | nindent 12 }} |
| 63 | {{- end }} |
| 64 | {{- if .Values.controller.admissionWebhooks.patchWebhookJob.securityContext }} |
| 65 | securityContext: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.securityContext | nindent 12 }} |
| 66 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 67 | {{- if .Values.controller.admissionWebhooks.patchWebhookJob.resources }} |
| 68 | resources: {{ toYaml .Values.controller.admissionWebhooks.patchWebhookJob.resources | nindent 12 }} |
| 69 | {{- end }} |
| 70 | restartPolicy: OnFailure |
| 71 | serviceAccountName: {{ include "ingress-nginx.fullname" . }}-admission |
| 72 | {{- if .Values.controller.admissionWebhooks.patch.nodeSelector }} |
| 73 | nodeSelector: {{ toYaml .Values.controller.admissionWebhooks.patch.nodeSelector | nindent 8 }} |
| 74 | {{- end }} |
| 75 | {{- if .Values.controller.admissionWebhooks.patch.tolerations }} |
| 76 | tolerations: {{ toYaml .Values.controller.admissionWebhooks.patch.tolerations | nindent 8 }} |
| 77 | {{- end }} |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 78 | {{- if .Values.controller.admissionWebhooks.patch.securityContext }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 79 | securityContext: |
| Giorgi Lekveishvili | cccf72f | 2023-05-19 16:13:22 +0400 | [diff] [blame] | 80 | {{- toYaml .Values.controller.admissionWebhooks.patch.securityContext | nindent 8 }} |
| 81 | {{- end }} |
| Giorgi Lekveishvili | 725bb39 | 2023-05-05 18:24:27 +0400 | [diff] [blame] | 82 | {{- end }} |