logic855
/
helm-external-secrets
kopia lustrzana https://github.com/external-secrets/external-secrets


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243
							{{- if .Values.webhook.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: secretstore-validate
  labels:
    external-secrets.io/component: webhook
webhooks:
- name: "validate.secretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["secretstores"]
    scope:       "Namespaced"
  clientConfig:
    service:
      namespace: {{ .Release.Namespace | quote }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-secretstore
    # will be set by controller
    caBundle: Cg==
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5

- name: "validate.clustersecretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["clustersecretstores"]
    scope:       "Cluster"
  clientConfig:
    service:
      namespace: {{ .Release.Namespace | quote }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-clustersecretstore
    caBundle: Cg== # will be set by controller
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5
{{- end }}