{{ $tls := fromYaml ( include "aws-sigv4-proxy-admission-controller.gen-certs" . ) }} --- {{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} apiVersion: admissionregistration.k8s.io/v1 {{- else }} apiVersion: admissionregistration.k8s.io/v1beta1 {{- end }} kind: MutatingWebhookConfiguration metadata: name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-config labels: app: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }} {{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }} webhooks: - name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}.k8s.aws clientConfig: service: name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-service namespace: {{ .Release.Namespace }} path: "/mutate" caBundle: {{ $tls.caCert }} rules: - operations: [ "CREATE" ] apiGroups: ["apps", ""] apiVersions: ["v1"] resources: ["pods"] sideEffects: None admissionReviewVersions: - v1beta1 --- apiVersion: v1 kind: Secret metadata: name: {{ template "aws-sigv4-proxy-admission-controller.fullname" . }}-webhook-certs namespace: {{ .Release.Namespace }} labels: {{ include "aws-sigv4-proxy-admission-controller.labels" . | indent 4 }} type: Opaque data: cert.pem: {{ $tls.clientCert }} key.pem: {{ $tls.clientKey }}