ric-aux/helm/infrastructure/subcharts/kong/templates/admission-webhook.yaml

   1 {{- if .Values.ingressController.admissionWebhook.enabled }}
   2 {{- $cn := printf "%s.%s.svc" ( include "kong.service.validationWebhook" . ) .Release.Namespace }}
   3 {{- $ca := genCA "kong-admission-ca" 3650 -}}
   4 {{- $cert := genSignedCert $cn nil nil 3650 $ca -}}
   5 kind: ValidatingWebhookConfiguration
   6 {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
   7 apiVersion: admissionregistration.k8s.io/v1
   8 {{- else }}
   9 apiVersion: admissionregistration.k8s.io/v1beta1
  10 {{- end }}
  11 metadata:
  12   name: {{ template "kong.fullname" . }}-validations
  13   labels:
  14     {{- include "kong.metaLabels" . | nindent 4 }}
  15 webhooks:
  16 - name: validations.kong.konghq.com
  17   failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
  18   sideEffects: None
  19   admissionReviewVersions: ["v1beta1"]
  20   rules:
  21   - apiGroups:
  22     - configuration.konghq.com
  23     apiVersions:
  24     - '*'
  25     operations:
  26     - CREATE
  27     - UPDATE
  28     resources:
  29     - kongconsumers
  30     - kongplugins
  31   clientConfig:
  32     caBundle: {{ b64enc $ca.Cert }}
  33     service:
  34       name: {{ template "kong.service.validationWebhook" . }}
  35       namespace: {{ .Release.Namespace }}
  36 ---
  37 apiVersion: v1
  38 kind: Service
  39 metadata:
  40   name: {{ template "kong.service.validationWebhook" . }}
  41   labels:
  42     {{- include "kong.metaLabels" . | nindent 4 }}
  43 spec:
  44   ports:
  45   - name: webhook
  46     port: 443
  47     protocol: TCP
  48     targetPort: webhook
  49   selector:
  50     {{- include "kong.metaLabels" . | nindent 4 }}
  51     app.kubernetes.io/component: app
  52 ---
  53 apiVersion: v1
  54 kind: Secret
  55 metadata:
  56   name: {{ template "kong.fullname" . }}-validation-webhook-keypair
  57   labels:
  58     {{- include "kong.metaLabels" . | nindent 4 }}
  59 type: kubernetes.io/tls
  60 data:
  61   tls.crt: {{ b64enc $cert.Cert }}
  62   tls.key: {{ b64enc $cert.Key }}
  63 {{ end }}