github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/cert-manager/templates/webhook-validating-webhook.yaml (about)

     1  apiVersion: admissionregistration.k8s.io/v1
     2  kind: ValidatingWebhookConfiguration
     3  metadata:
     4    name: {{ include "webhook.fullname" . }}
     5    labels:
     6      app: {{ include "webhook.name" . }}
     7      app.kubernetes.io/name: {{ include "webhook.name" . }}
     8      app.kubernetes.io/instance: {{ .Release.Name }}
     9      app.kubernetes.io/component: "webhook"
    10      {{- include "labels" . | nindent 4 }}
    11    annotations:
    12      cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote}}
    13      {{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
    14      {{- toYaml . | nindent 4 }}
    15      {{- end }}
    16  webhooks:
    17    - name: webhook.cert-manager.io
    18      namespaceSelector:
    19        matchExpressions:
    20        - key: "cert-manager.io/disable-validation"
    21          operator: "NotIn"
    22          values:
    23          - "true"
    24        - key: "name"
    25          operator: "NotIn"
    26          values:
    27          - {{ include "cert-manager.namespace" . }}
    28      rules:
    29        - apiGroups:
    30            - "cert-manager.io"
    31            - "acme.cert-manager.io"
    32          apiVersions:
    33            - "v1"
    34          operations:
    35            - CREATE
    36            - UPDATE
    37          resources:
    38            - "*/*"
    39      admissionReviewVersions: ["v1"]
    40      # This webhook only accepts v1 cert-manager resources.
    41      # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
    42      # this webhook (after the resources have been converted to v1).
    43      matchPolicy: Equivalent
    44      timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
    45      failurePolicy: Fail
    46      sideEffects: None
    47      clientConfig:
    48        {{- if .Values.webhook.url.host }}
    49        url: https://{{ .Values.webhook.url.host }}/validate
    50        {{- else }}
    51        service:
    52          name: {{ template "webhook.fullname" . }}
    53          namespace: {{ include "cert-manager.namespace" . }}
    54          path: /validate
    55        {{- end }}