{{ $tls := fromYaml ( include "aws-gateway-controller.webhookTLS" . ) }}
---
# Mutating admission webhook for pod CREATE requests. The TLS material is
# produced by the chart's "aws-gateway-controller.webhookTLS" helper and decoded
# with fromYaml so caCert/cert/key can be read by key here and in the Secret
# further down this file.
# NOTE(review): assumes the helper yields base64-encoded values — caBundle and
# Secret data both require base64; confirm against the helper template.
# NOTE(review): fromYaml reports an unparsable helper result as a map holding an
# Error key instead of aborting the render, so an empty caCert would leave
# caBundle null and the API server unable to verify the webhook's certificate;
# a `required` guard on these fields would fail the render instead — TODO confirm.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  # Cluster-scoped object with a fixed (non-release-scoped) name: two releases
  # of this chart in one cluster would contend for the same object.
  name: aws-appnet-gwc-mutating-webhook
webhooks:
  - name: mpod.gwc.k8s.aws
    admissionReviewVersions: ["v1"]
    # Declares no out-of-band side effects, so dry-run requests may reach it.
    sideEffects: None
    # Fail closed: if the webhook cannot be reached, matching pod creations are
    # rejected rather than admitted unmutated.
    failurePolicy: Fail
    clientConfig:
      # Same CA that is stored as ca.crt in the webhook-cert Secret.
      caBundle: {{ $tls.caCert }}
      service:
        name: webhook-service
        namespace: {{ .Release.Namespace }}
        path: /mutate-pod
    rules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE"]
        resources: ["pods"]
    # Opt-in per namespace: only namespaces labelled
    # application-networking.k8s.aws/pod-readiness-gate-inject=enabled are sent.
    namespaceSelector:
      matchExpressions:
        - key: application-networking.k8s.aws/pod-readiness-gate-inject
          operator: In
          values: ["enabled"]
    # Pods labelled app.kubernetes.io/name=gateway-api-controller are skipped —
    # presumably so the fail-closed webhook cannot block its own server pods.
    objectSelector:
      matchExpressions:
        - key: app.kubernetes.io/name
          operator: NotIn
          values: ["gateway-api-controller"]
---
# Service fronting the webhook server (no type set, so ClusterIP). The
# MutatingWebhookConfiguration's clientConfig addresses it as webhook-service
# in the release namespace.
apiVersion: v1
kind: Service
metadata:
  name: webhook-service
  namespace: {{ .Release.Namespace }}
spec:
  # Port 443 is forwarded to the named container port "webhook-server" on pods
  # labelled control-plane=gateway-api-controller; the Deployment carrying that
  # label and port name is outside this file.
  ports:
    - port: 443
      targetPort: webhook-server
  selector:
    control-plane: gateway-api-controller
---
# TLS Secret for the webhook server (its consumer is outside this file). All
# three fields come from the same $tls map that fills caBundle above, so the
# served certificate chain and the CA the API server trusts are kept in sync.
# NOTE(review): if the helper mints a new CA on every render, this Secret and
# caBundle rotate together on each helm upgrade — confirm whether the helper
# reuses an existing Secret.
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
  name: webhook-cert
  namespace: {{ .Release.Namespace }}
data:
  ca.crt: {{ $tls.caCert }}
  tls.crt: {{ $tls.cert }}
  tls.key: {{ $tls.key }}