1 {{- if .Values.ingressController.admissionWebhook.enabled }}
2 {{- $cn := printf "%s.%s.svc" ( include "kong.service.validationWebhook" . ) .Release.Namespace }}
3 {{- $ca := genCA "kong-admission-ca" 3650 -}}
4 {{- $cert := genSignedCert $cn nil nil 3650 $ca -}}
5 kind: ValidatingWebhookConfiguration
6 {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
7 apiVersion: admissionregistration.k8s.io/v1
9 apiVersion: admissionregistration.k8s.io/v1beta1
12 name: {{ template "kong.fullname" . }}-validations
14 {{- include "kong.metaLabels" . | nindent 4 }}
16 - name: validations.kong.konghq.com
17 failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
19 admissionReviewVersions: ["v1beta1"]
22 - configuration.konghq.com
32 caBundle: {{ b64enc $ca.Cert }}
34 name: {{ template "kong.service.validationWebhook" . }}
35 namespace: {{ .Release.Namespace }}
40 name: {{ template "kong.service.validationWebhook" . }}
42 {{- include "kong.metaLabels" . | nindent 4 }}
50 {{- include "kong.metaLabels" . | nindent 4 }}
51 app.kubernetes.io/component: app
56 name: {{ template "kong.fullname" . }}-validation-webhook-keypair
58 {{- include "kong.metaLabels" . | nindent 4 }}
59 type: kubernetes.io/tls
61 tls.crt: {{ b64enc $cert.Cert }}
62 tls.key: {{ b64enc $cert.Key }}