X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Ftemplates%2Fadmission-webhook.yaml;fp=helm%2Finfrastructure%2Fsubcharts%2Fkong%2Ftemplates%2Fadmission-webhook.yaml;h=8e37eeb5b450f8d1e21d02344567f43ba0f609a6;hb=7a43fbd4642448783aaf708d07ca883bf9bc5afd;hp=0000000000000000000000000000000000000000;hpb=282e7af25ec053ae6d1c5a399c91c2c323f705cd;p=ric-plt%2Fric-dep.git

diff --git a/helm/infrastructure/subcharts/kong/templates/admission-webhook.yaml b/helm/infrastructure/subcharts/kong/templates/admission-webhook.yaml
new file mode 100755
index 0000000..8e37eeb
--- /dev/null
+++ b/helm/infrastructure/subcharts/kong/templates/admission-webhook.yaml
@@ -0,0 +1,63 @@
+{{- if .Values.ingressController.admissionWebhook.enabled }}
+{{- $cn := printf "%s.%s.svc" ( include "kong.service.validationWebhook" . ) .Release.Namespace }}
+{{- $ca := genCA "kong-admission-ca" 3650 -}}
+{{- $cert := genSignedCert $cn nil nil 3650 $ca -}}
+kind: ValidatingWebhookConfiguration
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+metadata:
+  name: {{ template "kong.fullname" . }}-validations
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+webhooks:
+- name: validations.kong.konghq.com
+  failurePolicy: {{ .Values.ingressController.admissionWebhook.failurePolicy }}
+  sideEffects: None
+  admissionReviewVersions: ["v1beta1"]
+  rules:
+  - apiGroups:
+    - configuration.konghq.com
+    apiVersions:
+    - '*'
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kongconsumers
+    - kongplugins
+  clientConfig:
+    caBundle: {{ b64enc $ca.Cert }}
+    service:
+      name: {{ template "kong.service.validationWebhook" . }}
+      namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "kong.service.validationWebhook" . }}
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+spec:
+  ports:
+  - name: webhook
+    port: 443
+    protocol: TCP
+    targetPort: webhook
+  selector:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+    app.kubernetes.io/component: app
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "kong.fullname" . }}-validation-webhook-keypair
+  labels:
+    {{- include "kong.metaLabels" . | nindent 4 }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ b64enc $cert.Cert }}
+  tls.key: {{ b64enc $cert.Key }}
+{{ end }}