open-cluster-management.io/governance-policy-propagator@v0.13.0/deploy/webhook.yaml (about) 1 apiVersion: v1 2 kind: Service 3 metadata: 4 name: propagator-webhook-service 5 namespace: open-cluster-management 6 spec: 7 ports: 8 - port: 443 9 protocol: TCP 10 targetPort: 9443 11 selector: 12 webhook-origin: governance-policy-propagator 13 --- 14 apiVersion: cert-manager.io/v1 15 kind: Certificate 16 metadata: 17 name: propagator-webhook-serving-cert 18 namespace: open-cluster-management 19 spec: 20 dnsNames: 21 - propagator-webhook-service.open-cluster-management.svc 22 - propagator-webhook-service.open-cluster-management.svc.cluster.local 23 issuerRef: 24 kind: Issuer 25 name: propagator-webhook-selfsigned-issuer 26 secretName: propagator-webhook-server-cert 27 --- 28 apiVersion: cert-manager.io/v1 29 kind: Issuer 30 metadata: 31 name: propagator-webhook-selfsigned-issuer 32 namespace: open-cluster-management 33 spec: 34 selfSigned: {} 35 --- 36 apiVersion: admissionregistration.k8s.io/v1 37 kind: ValidatingWebhookConfiguration 38 metadata: 39 annotations: 40 cert-manager.io/inject-ca-from: open-cluster-management/propagator-webhook-serving-cert 41 name: propagator-webhook-validating-configuration 42 webhooks: 43 - admissionReviewVersions: 44 - v1 45 clientConfig: 46 service: 47 name: propagator-webhook-service 48 namespace: open-cluster-management 49 path: /validate-policy-open-cluster-management-io-v1-policy 50 failurePolicy: Ignore 51 name: policy.open-cluster-management.io.webhook 52 rules: 53 - apiGroups: 54 - policy.open-cluster-management.io 55 apiVersions: 56 - v1 57 operations: 58 - CREATE 59 - UPDATE 60 resources: 61 - policies 62 sideEffects: None