andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
rancher-charts/charts/rancher-windows-gmsa/1.0.0/templates/validatingwebhook.yaml

35 lines
1.1 KiB
YAML
Raw Normal View History

make charts Signed-off-by: Jamie Phillips <jamie.phillips@suse.com>
2022-02-11 13:43:39 +00:00
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ .Release.Name }}
{{- if .Values.certificates.certManager.enabled }}
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}
{{- end }}
labels: {{ include "gmsa.chartref" . | nindent 4 }}
webhooks:
- name: admission-webhook.windows-gmsa.sigs.k8s.io
clientConfig:
service:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
path: "/validate"
{{- if not (.Values.certificates.certManager.enabled) }}
caBundle: {{ template "certificates.cabundle" . }}
{{- end }}
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: [""]
apiVersions: ["*"]
resources: ["pods"]
failurePolicy: Fail
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
# don't run on ${NAMESPACE}
namespaceSelector:
matchExpressions:
- key: gmsa-webhook
operator: NotIn
values: [disabled]