{{- /*
Admission webhook resources and their TLS material. Everything after the
condition below is rendered only when both the ingress controller and its
admission webhook are enabled.
*/ -}}
1 {{- if (and .Values.ingressController.admissionWebhook.enabled .Values.ingressController.enabled) }}
{{- /* Holds the serving certificate PEM. $certKey, $caCert and $caKey are assigned with "=" below, so they are presumably declared on lines this listing omits. */ -}}
2 {{- $certCert := "" -}}
{{- /* certificate.provided is false: the chart creates its own CA and serving certificate instead of using operator-supplied ones. */ -}}
6 {{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
{{- /* Subject name is the in-cluster DNS name "<webhook service>.<namespace>.svc". */ -}}
7 {{- $cn := printf "%s.%s.svc" ( include "kong.service.validationWebhook" . ) ( include "kong.namespace" . ) -}}
{{- /* Self-signed CA named "kong-admission-ca", valid for 3650 days. */ -}}
8 {{- $ca := genCA "kong-admission-ca" 3650 -}}
{{- /*
Serving certificate signed by that CA: CN and the only DNS SAN are $cn, no IP
SANs (nil), also valid for 3650 days. Nothing in the visible lines rotates
either certificate before it expires.
*/ -}}
9 {{- $cert := genSignedCert $cn nil (list $cn) 3650 $ca -}}
10 {{- $certCert = $cert.Cert -}}
11 {{- $certKey = $cert.Key -}}
12 {{- $caCert = $ca.Cert -}}
13 {{- $caKey = $ca.Key -}}
{{- /*
Look up the Secrets an earlier release may have created, so existing key pairs
can be reused instead of being replaced on every upgrade.
NOTE(review): lookup returns an empty result under `helm template` and
client-side dry runs, so those renders always carry freshly generated private
keys. Treat rendered output as secret material and keep it out of logs and
version control.
*/ -}}
15 {{- $caSecret := (lookup "v1" "Secret" (include "kong.namespace" .) (printf "%s-validation-webhook-ca-keypair" (include "kong.fullname" .))) -}}
16 {{- $certSecret := (lookup "v1" "Secret" (include "kong.namespace" .) (printf "%s-validation-webhook-keypair" (include "kong.fullname" .))) -}}
{{- /*
Values read from the existing Secrets replace the generated ones. The
conditions guarding these assignments are on omitted lines, presumably a check
that each lookup found a Secret. TODO confirm.
*/ -}}
18 {{- $certCert = (b64dec (get $certSecret.data "tls.crt")) -}}
19 {{- $certKey = (b64dec (get $certSecret.data "tls.key")) -}}
22 {{- $caCert = (b64dec (get $caSecret.data "tls.crt")) -}}
23 {{- $caKey = (b64dec (get $caSecret.data "tls.key")) -}}
{{- /* Registers the Kong validation webhook with the API server. */}}
26 kind: ValidatingWebhookConfiguration
{{- /* Use the v1 admissionregistration API when the cluster serves it; the v1beta1 line is the fallback (its else branch is on an omitted line). */}}
27 {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
28 apiVersion: admissionregistration.k8s.io/v1
30 apiVersion: admissionregistration.k8s.io/v1beta1
33 name: {{ template "kong.fullname" . }}-validations
{{- /* NOTE(review): if this is the object's own metadata, the kind is cluster-scoped and the namespace field has no effect. */}}
34 namespace: {{ template "kong.namespace" . }}
36 {{- include "kong.metaLabels" . | nindent 4 }}
{{- /* Optional operator-supplied annotations; every value is passed through quote so it renders as a YAML string. */}}
37 {{- if .Values.ingressController.admissionWebhook.annotations }}
39 {{- range $key, $value := .Values.ingressController.admissionWebhook.annotations }}
40 {{ $key }}: {{ $value | quote }}
44 - name: validations.kong.konghq.com
{{- /* Optional namespaceSelector copied verbatim from values. Objects in namespaces the selector excludes are not sent to this webhook. */}}
45 {{- with .Values.ingressController.admissionWebhook.namespaceSelector }}
47 {{- toYaml . | nindent 4 }}
{{- /* Optional per-call timeout; emitted only when set in values. */}}
49 {{- with .Values.ingressController.admissionWebhook.timeoutSeconds }}
50 timeoutSeconds: {{ . }}
{{- /*
Taken straight from values; no default or validation is visible here.
With Ignore the API server admits the request when the webhook errors or is
unreachable, so validation fails open. Fail rejects instead, at the cost of
blocking matching writes while the webhook is down.
*/}}
58 failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
{{- /* Only the v1beta1 AdmissionReview version is advertised. */}}
60 admissionReviewVersions: ["v1beta1"]
63 - configuration.konghq.com
{{- /*
Each gate below compares the controller image's effective version with a
minimum release. What each gate adds is on omitted lines, presumably extra
resources in the webhook rules for that release. TODO confirm.
*/}}
72 {{- if (semverCompare ">= 2.0.4" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
75 {{- if (semverCompare ">= 2.8.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
83 {{- if (semverCompare ">= 2.12.1" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
89 {{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
92 {{- if (semverCompare ">= 2.12.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
103 - gateway.networking.k8s.io
107 {{- if (semverCompare ">= 3.0.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
{{- /* Chart-generated certificate: the API server trusts the chart's own CA. */}}
118 {{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
119 caBundle: {{ b64enc $caCert }}
{{- /*
Operator-supplied certificate: caBundle is emitted only when the value is set.
NOTE(review): the else/end structure is on omitted lines. If no caBundle is
rendered, the API server verifies the webhook against its system trust roots.
*/}}
121 {{- if .Values.ingressController.admissionWebhook.certificate.caBundle }}
122 caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }}
{{- /* Service the API server calls; its name and namespace match the $cn the generated certificate was issued for. */}}
126 name: {{ template "kong.service.validationWebhook" . }}
127 namespace: {{ template "kong.namespace" . }}
{{- /* Presumably the metadata of the webhook Service (its kind line is omitted from this listing). The name is the one used in the webhook's service reference and in the certificate subject. */}}
132 name: {{ template "kong.service.validationWebhook" . }}
133 namespace: {{ template "kong.namespace" . }}
135 {{- include "kong.metaLabels" . | nindent 4 }}
{{- /* Optional extra labels for the Service, copied verbatim from values. */}}
136 {{- if .Values.ingressController.admissionWebhook.service.labels }}
137 {{- toYaml .Values.ingressController.admissionWebhook.service.labels | nindent 4 }}
{{- /* Presumably the Service selector: chart meta labels plus the "app" component label (the selector key is on an omitted line; verify it matches only the controller pods). */}}
146 {{- include "kong.metaLabels" . | nindent 4 }}
147 app.kubernetes.io/component: app
{{- /* The two TLS Secrets below are created only when the chart generates the certificates itself (certificate.provided is false). */}}
148 {{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
{{- /*
CA key pair. The name matches the lookup of "-validation-webhook-ca-keypair",
so a later render can read it back.
NOTE(review): this stores the CA private key in the cluster. Anyone who can
read Secrets in this namespace can issue certificates that chain to the
caBundle the webhook configuration trusts, so restrict Secret read access here.
In the visible lines $caKey is only written to this Secret and read back from
it; it is not used to sign anything after the first render. Confirm whether it
needs to be persisted at all.
*/}}
153 name: {{ template "kong.fullname" . }}-validation-webhook-ca-keypair
154 namespace: {{ template "kong.namespace" . }}
156 {{- include "kong.metaLabels" . | nindent 4 }}
157 type: kubernetes.io/tls
159 tls.crt: {{ b64enc $caCert }}
160 tls.key: {{ b64enc $caKey }}
{{- /* Serving key pair for the webhook endpoint. The name matches the lookup of "-validation-webhook-keypair". */}}
165 name: {{ template "kong.fullname" . }}-validation-webhook-keypair
166 namespace: {{ template "kong.namespace" . }}
168 {{- include "kong.metaLabels" . | nindent 4 }}
169 type: kubernetes.io/tls
171 tls.crt: {{ b64enc $certCert }}
172 tls.key: {{ b64enc $certKey }}