# Mutating wehbook is used to perform sidecar injection. 
# It calls sidecar-injector-service when the label is matched.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: cpx-sidecar-injector
  namespace: {{ .Release.Namespace }}
  labels:
    app: cpx-sidecar-injector
    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    release: {{ .Release.Name }}
webhooks:
  - name: cpx-sidecar-injector.citrix.io
    admissionReviewVersions:
    - v1
    clientConfig:
      service:
        name: cpx-sidecar-injector
        namespace: {{ .Release.Namespace }}
        path: "/inject"
      caBundle: ""
    rules:
      - operations: [ "CREATE" ]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]
        scope: "*"
    sideEffects: None
    failurePolicy: Fail
    namespaceSelector:
      matchLabels:
{{- if .Values.webhook.injectionLabelName }}
        {{ .Values.webhook.injectionLabelName }}: enabled
{{- else }}
        cpx-injection: enabled
{{- end }}
  - name: object.cpx-sidecar-injector.citrix.io
    admissionReviewVersions:
    - v1
    clientConfig:
      service:
        name: cpx-sidecar-injector
        namespace: {{ .Release.Namespace }}
        path: "/inject"
      caBundle: ""
    rules:
      - operations: [ "CREATE" ]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]
        scope: "*"
    sideEffects: None
    failurePolicy: Fail
    objectSelector:
      matchLabels:
        sidecar.citrix.io/inject: "true"
---