apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: {{ include "webhook.fullname" . }} labels: app: {{ include "webhook.name" . }} app.kubernetes.io/name: {{ include "webhook.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: "webhook" helm.sh/chart: {{ include "webhook.chart" . }} annotations: cert-manager.io/inject-ca-from-secret: "{{ .Release.Namespace }}/{{ template "webhook.fullname" . }}-ca" {{- if .Values.webhook.validatingWebhookConfigurationAnnotations }} {{ toYaml .Values.webhook.validatingWebhookConfigurationAnnotations | indent 4 }} {{- end }} webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - key: "cert-manager.io/disable-validation" operator: "NotIn" values: - "true" - key: "name" operator: "NotIn" values: - {{ .Release.Namespace }} rules: - apiGroups: - "cert-manager.io" - "acme.cert-manager.io" apiVersions: - "*" operations: - CREATE - UPDATE resources: - "*/*" admissionReviewVersions: ["v1", "v1beta1"] timeoutSeconds: {{ .Values.webhook.timeoutSeconds }} failurePolicy: Fail sideEffects: None clientConfig: service: name: {{ template "webhook.fullname" . }} namespace: {{ .Release.Namespace | quote }} path: /validate