logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
							{{- if .Values.webhook.create }}
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: secretstore-validate
  labels:
    {{- include "external-secrets-webhook.labels" . | nindent 4 }}
    external-secrets.io/component: webhook
  {{- if or .Values.webhook.annotations (and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations) }}
  annotations:
    {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
    cert-manager.io/inject-ca-from: {{ template "external-secrets.namespace" . }}/{{ include "external-secrets.fullname" . }}-webhook
    {{- end }}
    {{- if .Values.webhook.annotations }}
    {{- toYaml .Values.webhook.annotations | nindent 4 }}
    {{- end }}
  {{- end }}
webhooks:
- name: "validate.secretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["secretstores"]
    scope:       "Namespaced"
  clientConfig:
    service:
      namespace: {{ template "external-secrets.namespace" . }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-secretstore
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5

- name: "validate.clustersecretstore.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["clustersecretstores"]
    scope:       "Cluster"
  clientConfig:
    service:
      namespace: {{ template "external-secrets.namespace" . }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-clustersecretstore
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: externalsecret-validate
  labels:
    {{- include "external-secrets-webhook.labels" . | nindent 4 }}
    external-secrets.io/component: webhook
  {{- if or .Values.webhook.annotations (and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations) }}
  annotations:
    {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }}
    cert-manager.io/inject-ca-from: {{ template "external-secrets.namespace" . }}/{{ include "external-secrets.fullname" . }}-webhook
    {{- end }}
    {{- if .Values.webhook.annotations }}
    {{- toYaml .Values.webhook.annotations | nindent 4 }}
    {{- end }}
  {{- end }}
webhooks:
- name: "validate.externalsecret.external-secrets.io"
  rules:
  - apiGroups:   ["external-secrets.io"]
    apiVersions: ["v1beta1"]
    operations:  ["CREATE", "UPDATE", "DELETE"]
    resources:   ["externalsecrets"]
    scope:       "Namespaced"
  clientConfig:
    service:
      namespace: {{ template "external-secrets.namespace" . }}
      name: {{ include "external-secrets.fullname" . }}-webhook
      path: /validate-external-secrets-io-v1beta1-externalsecret
  admissionReviewVersions: ["v1", "v1beta1"]
  sideEffects: None
  timeoutSeconds: 5
  failurePolicy: {{ .Values.webhook.failurePolicy}}
{{- end }}