github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/webhook-mutating-webhook.yaml (about) 1 apiVersion: admissionregistration.k8s.io/v1 2 kind: MutatingWebhookConfiguration 3 metadata: 4 name: {{ include "webhook.fullname" . }} 5 labels: 6 app: {{ include "webhook.name" . }} 7 app.kubernetes.io/name: {{ include "webhook.name" . }} 8 app.kubernetes.io/instance: {{ .Release.Name }} 9 app.kubernetes.io/component: "webhook" 10 {{- include "labels" . | nindent 4 }} 11 annotations: 12 cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote }} 13 {{- with .Values.webhook.mutatingWebhookConfigurationAnnotations }} 14 {{- toYaml . | nindent 4 }} 15 {{- end }} 16 webhooks: 17 - name: webhook.cert-manager.io 18 rules: 19 - apiGroups: 20 - "cert-manager.io" 21 - "acme.cert-manager.io" 22 apiVersions: 23 - "v1" 24 operations: 25 - CREATE 26 - UPDATE 27 resources: 28 - "*/*" 29 admissionReviewVersions: ["v1"] 30 # This webhook only accepts v1 cert-manager resources. 31 # Equivalent matchPolicy ensures that non-v1 resource requests are sent to 32 # this webhook (after the resources have been converted to v1). 33 matchPolicy: Equivalent 34 timeoutSeconds: {{ .Values.webhook.timeoutSeconds }} 35 failurePolicy: Fail 36 # Only include 'sideEffects' field in Kubernetes 1.12+ 37 sideEffects: None 38 clientConfig: 39 {{- if .Values.webhook.url.host }} 40 url: https://{{ .Values.webhook.url.host }}/mutate 41 {{- else }} 42 service: 43 name: {{ template "webhook.fullname" . }} 44 namespace: {{ include "cert-manager.namespace" . }} 45 path: /mutate 46 {{- end }}