github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml

github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml (about)

     1  {{- if .Values.controller.admissionWebhooks.enabled -}}
     2  # before changing this value, check the required kubernetes version
     3  # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
     4  apiVersion: admissionregistration.k8s.io/v1
     5  kind: ValidatingWebhookConfiguration
     6  metadata:
     7    annotations:
     8    {{- if .Values.controller.admissionWebhooks.certManager.enabled }}
     9      certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }}
    10      cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "ingress-nginx.fullname" .) | quote }}
    11    {{- end }}
    12    {{- if .Values.controller.admissionWebhooks.annotations }}
    13      {{- toYaml .Values.controller.admissionWebhooks.annotations | nindent 4 }}
    14    {{- end }}
    15    labels:
    16      {{- include "ingress-nginx.labels" . | nindent 4 }}
    17      app.kubernetes.io/component: admission-webhook
    18      {{- with .Values.controller.admissionWebhooks.labels }}
    19      {{- toYaml . | nindent 4 }}
    20      {{- end }}
    21    name: {{ include "ingress-nginx.fullname" . }}-admission
    22  webhooks:
    23    - name: validate.nginx.ingress.kubernetes.io
    24      matchPolicy: Equivalent
    25      rules:
    26        - apiGroups:
    27            - networking.k8s.io
    28          apiVersions:
    29            - v1
    30          operations:
    31            - CREATE
    32            - UPDATE
    33          resources:
    34            - ingresses
    35      failurePolicy: {{ .Values.controller.admissionWebhooks.failurePolicy | default "Fail" }}
    36      sideEffects: None
    37      admissionReviewVersions:
    38        - v1
    39      clientConfig:
    40        service:
    41          namespace: {{ .Release.Namespace | quote }}
    42          name: {{ include "ingress-nginx.controller.fullname" . }}-admission
    43          path: /networking/v1/ingresses
    44      {{- if .Values.controller.admissionWebhooks.timeoutSeconds }}
    45      timeoutSeconds: {{ .Values.controller.admissionWebhooks.timeoutSeconds }}
    46      {{- end }}
    47      {{- if .Values.controller.admissionWebhooks.namespaceSelector }}
    48      namespaceSelector: {{ toYaml .Values.controller.admissionWebhooks.namespaceSelector | nindent 6 }}
    49      {{- end }}
    50      {{- if .Values.controller.admissionWebhooks.objectSelector }}
    51      objectSelector: {{ toYaml .Values.controller.admissionWebhooks.objectSelector | nindent 6 }}
    52      {{- end }}
    53  {{- end }}