104 lines
2.7 KiB
YAML
104 lines
2.7 KiB
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
|
labels:
|
|
{{- include "k8s-triliovault-operator.labels" . | nindent 4 }}
|
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
|
|
webhooks:
|
|
- clientConfig:
|
|
service:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
|
|
failurePolicy: Fail
|
|
name: v1-tvm-validation.trilio.io
|
|
rules:
|
|
- apiGroups:
|
|
- triliovault.trilio.io
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- triliovaultmanagers
|
|
sideEffects: None
|
|
admissionReviewVersions:
|
|
- v1
|
|
- clientConfig:
|
|
service:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /validate-core-v1-secret
|
|
failurePolicy: Fail
|
|
name: v1-encryption-secret-validation.trilio.io
|
|
objectSelector:
|
|
matchExpressions:
|
|
- key: triliovault.trilio.io/master-secret
|
|
operator: Exists
|
|
rules:
|
|
- apiGroups:
|
|
- "*"
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- DELETE
|
|
- UPDATE
|
|
resources:
|
|
- secrets
|
|
sideEffects: None
|
|
admissionReviewVersions:
|
|
- v1
|
|
- clientConfig:
|
|
service:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /validate-core-v1-namespace
|
|
failurePolicy: Fail
|
|
name: v1-tvm-ns-validation.trilio.io
|
|
namespaceSelector:
|
|
matchExpressions:
|
|
- key: trilio-operator-label
|
|
operator: In
|
|
values:
|
|
- {{ .Release.Namespace }}
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- DELETE
|
|
resources:
|
|
- namespaces
|
|
scope: '*'
|
|
sideEffects: None
|
|
admissionReviewVersions:
|
|
- v1
|
|
{{- if .Values.observability.enabled }}
|
|
- clientConfig:
|
|
service:
|
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
|
namespace: {{ .Release.Namespace }}
|
|
path: /validate-core-v1-secret
|
|
failurePolicy: Ignore
|
|
name: v1-observability-secret-validation.trilio.io
|
|
objectSelector:
|
|
matchExpressions:
|
|
- key: triliovault.trilio.io/observability
|
|
operator: Exists
|
|
rules:
|
|
- apiGroups:
|
|
- "*"
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- DELETE
|
|
- UPDATE
|
|
resources:
|
|
- secrets
|
|
sideEffects: None
|
|
admissionReviewVersions:
|
|
- v1
|
|
{{- end }} |