mirror of https://git.rancher.io/charts
35 lines
1.1 KiB
YAML
35 lines
1.1 KiB
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
name: {{ .Release.Name }}
|
|
{{- if .Values.certificates.certManager.enabled }}
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Release.Name }}
|
|
{{- end }}
|
|
labels: {{ include "gmsa.chartref" . | nindent 4 }}
|
|
webhooks:
|
|
- name: admission-webhook.windows-gmsa.sigs.k8s.io
|
|
clientConfig:
|
|
service:
|
|
name: {{ .Release.Name }}
|
|
namespace: {{.Release.Namespace}}
|
|
path: "/mutate"
|
|
{{- if not (.Values.certificates.certManager.enabled) }}
|
|
caBundle: {{ template "certificates.cabundle" . }}
|
|
{{- end }}
|
|
rules:
|
|
- operations: ["CREATE"]
|
|
apiGroups: [""]
|
|
apiVersions: ["*"]
|
|
resources: ["pods"]
|
|
failurePolicy: Fail
|
|
admissionReviewVersions: ["v1", "v1beta1"]
|
|
sideEffects: None
|
|
# don't run on ${NAMESPACE}
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: gmsa-webhook
|
|
operator: NotIn
|
|
values: [disabled]
|
|
|