rancher-partner-charts/charts/trilio/k8s-triliovault-operator/3.0.1/templates/validating-webhook.yaml

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
  labels:
    app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
    app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
    app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
    app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
    service:
      name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
      namespace: {{ .Release.Namespace }}
      path: /validate-triliovault-trilio-io-v1-triliovaultmanager
  failurePolicy: Fail
  name: v1-tvm-validation.trilio.io
  rules:
  - apiGroups:
    - triliovault.trilio.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - triliovaultmanagers
  sideEffects: None
  admissionReviewVersions:
    - v1
- clientConfig:
    service:
      name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
      namespace: {{ .Release.Namespace }}
      path: /validate-core-v1-secret
  failurePolicy: Fail
  name: v1-encryption-secret-validation.trilio.io
  objectSelector:
    matchExpressions:
      - key: triliovault.trilio.io/master-secret
        operator: Exists
  rules:
    - apiGroups:
        - "*"
      apiVersions:
        - v1
      operations:
        - DELETE
        - UPDATE
      resources:
        - secrets
  sideEffects: None
  admissionReviewVersions:
    - v1
{{- if .Values.observability.enabled }}
- clientConfig:
    service:
      name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
      namespace: {{ .Release.Namespace }}
      path: /validate-core-v1-secret
  failurePolicy: Fail
  name: v1-observability-secret-validation.trilio.io
  objectSelector:
    matchExpressions:
      - key: triliovault.trilio.io/observability
        operator: Exists
  rules:
    - apiGroups:
        - "*"
      apiVersions:
        - v1
      operations:
        - DELETE
        - UPDATE
      resources:
        - secrets
  sideEffects: None
  admissionReviewVersions:
    - v1
{{- end }}