github.com/SamarSidharth/kpt@v0.0.0-20231122062228-c7d747ae3ace/package-examples/cert-manager-basic/webhook/validatingwebhookconfiguration-cert-manager-webhook.yaml (about)

     1  # Source: cert-manager/templates/webhook-validating-webhook.yaml
     2  apiVersion: admissionregistration.k8s.io/v1
     3  kind: ValidatingWebhookConfiguration
     4  metadata:
     5    name: cert-manager-webhook
     6    labels:
     7      app: webhook
     8      app.kubernetes.io/name: webhook
     9      app.kubernetes.io/instance: cert-manager
    10      app.kubernetes.io/component: "webhook"
    11      app.kubernetes.io/version: "v1.8.2"
    12    annotations:
    13      cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca"
    14  webhooks:
    15    - name: webhook.cert-manager.io
    16      namespaceSelector:
    17        matchExpressions:
    18        - key: "cert-manager.io/disable-validation"
    19          operator: "NotIn"
    20          values:
    21          - "true"
    22        - key: "name"
    23          operator: "NotIn"
    24          values:
    25          - cert-manager
    26      rules:
    27        - apiGroups:
    28            - "cert-manager.io"
    29            - "acme.cert-manager.io"
    30          apiVersions:
    31            - "v1"
    32          operations:
    33            - CREATE
    34            - UPDATE
    35          resources:
    36            - "*/*"
    37      admissionReviewVersions: ["v1"]
    38      # This webhook only accepts v1 cert-manager resources.
    39      # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
    40      # this webhook (after the resources have been converted to v1).
    41      matchPolicy: Equivalent
    42      timeoutSeconds: 10
    43      failurePolicy: Fail
    44      sideEffects: None
    45      clientConfig:
    46        service:
    47          name: cert-manager-webhook
    48          namespace: "cert-manager"
    49          path: /validate
    50