{{- if .Values.webhook.create }} apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: secretstore-validate labels: external-secrets.io/component: webhook webhooks: - name: "validate.secretstore.external-secrets.io" rules: - apiGroups: ["external-secrets.io"] apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE", "DELETE"] resources: ["secretstores"] scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace | quote }} name: {{ include "external-secrets.fullname" . }}-webhook path: /validate-external-secrets-io-v1beta1-secretstore admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 5 - name: "validate.clustersecretstore.external-secrets.io" rules: - apiGroups: ["external-secrets.io"] apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE", "DELETE"] resources: ["clustersecretstores"] scope: "Cluster" clientConfig: service: namespace: {{ .Release.Namespace | quote }} name: {{ include "external-secrets.fullname" . }}-webhook path: /validate-external-secrets-io-v1beta1-clustersecretstore admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 5 --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: externalsecret-validate labels: external-secrets.io/component: webhook webhooks: - name: "validate.externalsecret.external-secrets.io" rules: - apiGroups: ["external-secrets.io"] apiVersions: ["v1beta1"] operations: ["CREATE", "UPDATE", "DELETE"] resources: ["externalsecrets"] scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace | quote }} name: {{ include "external-secrets.fullname" . }}-webhook path: /validate-external-secrets-io-v1beta1-externalsecret admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 5 failurePolicy: {{ .Values.webhook.failurePolicy}} {{- end }}