rancher-partner-charts/charts/confluent/confluent-for-kubernetes/templates/validatingwebhookconfigurat...


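{{- if (.Values.webhooks.enabled) }}
# Registers four validating webhooks. Each one calls the confluent-operator
# Service in the release namespace at /confluent-operator/validate.
#
# Every webhook uses failurePolicy Fail: if the operator endpoint is
# unreachable or exceeds timeoutSeconds, the API server rejects the matched
# request instead of letting it through.
#
# NOTE(review): clientConfig sets no caBundle in this template; presumably it
# is patched in after install. Confirm how the serving CA is provisioned and
# rotated.
# NOTE(review): only the v1beta1 AdmissionReview version is offered. Listing v1
# as well requires the operator handler to support it; confirm before changing.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app: {{ include "confluent-operator.name" . }}
    app.kubernetes.io/name: {{ include "confluent-operator.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/component: "confluent-operator"
    helm.sh/chart: {{ include "confluent-operator.chart" . }}
  name: confluent-operator-{{ .Release.Namespace }}.webhook.platform.confluent.io
webhooks:
# Intercepts DELETE of the listed platform.confluent.io/v1beta1 resources.
# A namespace or object labelled
# confluent-operator.webhooks.platform.confluent.io/disable=true is skipped, so
# anyone allowed to set that label can bypass this check. Restrict label writes
# on these namespaces and resources through RBAC.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: confluent-operator
      # Quoted so a numeric- or boolean-looking namespace name stays a string.
      namespace: {{ .Release.Namespace | quote }}
      path: /confluent-operator/validate
      port: {{ .Values.webhooks.port }}
  failurePolicy: Fail
  name: cfk-resources.webhooks.platform.confluent.io
  namespaceSelector:
    matchExpressions:
    - key: confluent-operator.webhooks.platform.confluent.io/disable
      operator: NotIn
      values: ["true"]
    {{- if .Values.namespaced }}
    # Namespaced install: match only the release namespace, or the entries of
    # namespaceList when that list is not empty.
    - key: kubernetes.io/metadata.name
      operator: In
      values:
      {{- if empty .Values.namespaceList }}
      - {{ .Release.Namespace | quote }}
      {{- else }}
      {{- range $i, $v := .Values.namespaceList }}
      - {{ trim $v | quote }}
      {{- end }}
      {{- end }}
    {{- end }}
  objectSelector:
    matchExpressions:
    - key: confluent-operator.webhooks.platform.confluent.io/disable
      operator: NotIn
      values: ["true"]
  rules:
  - apiGroups:
    - platform.confluent.io
    apiVersions:
    - v1beta1
    operations:
    - DELETE
    resources:
    - zookeepers
    - kafkas
    - ksqldbs
    - controlcenters
    scope: Namespaced
  sideEffects: None
  timeoutSeconds: 10
# Intercepts DELETE of apps/v1 StatefulSets labelled confluent-platform=true.
# The objectSelector is opt-in by label: a StatefulSet without that label is
# never sent to the webhook.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: confluent-operator
      namespace: {{ .Release.Namespace | quote }}
      path: /confluent-operator/validate
      port: {{ .Values.webhooks.port }}
  failurePolicy: Fail
  name: core-resources.webhooks.platform.confluent.io
  namespaceSelector:
    matchExpressions:
    - key: confluent-operator.webhooks.platform.confluent.io/disable
      operator: NotIn
      values: ["true"]
    {{- if .Values.namespaced }}
    - key: kubernetes.io/metadata.name
      operator: In
      values:
      {{- if empty .Values.namespaceList }}
      - {{ .Release.Namespace | quote }}
      {{- else }}
      {{- range $i, $v := .Values.namespaceList }}
      - {{ trim $v | quote }}
      {{- end }}
      {{- end }}
    {{- end }}
  objectSelector:
    matchLabels:
      confluent-platform: "true"
  rules:
  - apiGroups:
    - apps
    apiVersions:
    - v1
    operations:
    - DELETE
    resources:
    - statefulsets
    scope: Namespaced
  sideEffects: None
  timeoutSeconds: 10
# Intercepts DELETE of core/v1 Pods carrying both confluent-platform=true and
# platform.confluent.io/type=kafka.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: confluent-operator
      namespace: {{ .Release.Namespace | quote }}
      path: /confluent-operator/validate
      port: {{ .Values.webhooks.port }}
  failurePolicy: Fail
  name: kafka-pods.webhooks.platform.confluent.io
  namespaceSelector:
    matchExpressions:
    - key: confluent-operator.webhooks.platform.confluent.io/disable
      operator: NotIn
      values: ["true"]
    {{- if .Values.namespaced }}
    - key: kubernetes.io/metadata.name
      operator: In
      values:
      {{- if empty .Values.namespaceList }}
      - {{ .Release.Namespace | quote }}
      {{- else }}
      {{- range $i, $v := .Values.namespaceList }}
      - {{ trim $v | quote }}
      {{- end }}
      {{- end }}
    {{- end }}
  objectSelector:
    matchLabels:
      confluent-platform: "true"
      platform.confluent.io/type: kafka
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - DELETE
    resources:
    - pods
    scope: Namespaced
  sideEffects: None
  timeoutSeconds: 30
# Intercepts CREATE on pods/eviction. Unlike the three webhooks above, this one
# has no disable-label exclusion and no objectSelector. When .Values.namespaced
# is false the namespace selector is empty and matches every namespace, so with
# failurePolicy Fail an unavailable operator endpoint causes eviction requests
# to be rejected cluster-wide (node drains rely on this API).
# NOTE(review): confirm the cluster-wide scope is intended for non-namespaced
# installs.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: confluent-operator
      namespace: {{ .Release.Namespace | quote }}
      path: /confluent-operator/validate
      port: {{ .Values.webhooks.port }}
  failurePolicy: Fail
  name: evictions.webhooks.platform.confluent.io
  {{- if .Values.namespaced }}
  namespaceSelector:
    matchExpressions:
    - key: kubernetes.io/metadata.name
      operator: In
      values:
      {{- if empty .Values.namespaceList }}
      - {{ .Release.Namespace | quote }}
      {{- else }}
      {{- range $i, $v := .Values.namespaceList }}
      - {{ trim $v | quote }}
      {{- end }}
      {{- end }}
  {{- else }}
  # Explicit empty selector instead of a bare matchExpressions key that would
  # render as null; both select all namespaces.
  namespaceSelector: {}
  {{- end }}
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    resources:
    - pods/eviction
    scope: Namespaced
  sideEffects: None
  timeoutSeconds: 30
{{- end }}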