[helm] Support custom spec.namespaceSelector for webhooks

Signed-off-by: Jan-Otto Kröpke <mail@jkroepke.de>

deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml

@@ -42,3 +42,7 @@ webhooks:
         namespace: {{ include "cert-manager.namespace" . }}
         path: /mutate
       {{- end }}
+    namespaceSelector:
+    {{- with .Values.webhook.webhookConfigurationNamespaceSelector }}
+    {{- toYaml . | nindent 6 }}
+    {{- end }}

deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml

@@ -16,11 +16,17 @@ metadata:
 webhooks:
   - name: webhook.cert-manager.io
     namespaceSelector:
+      {{- with (omit .Values.webhook.webhookConfigurationNamespaceSelector "matchExpressions") }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
       matchExpressions:
       - key: "cert-manager.io/disable-validation"
         operator: "NotIn"
         values:
         - "true"
+      {{- with .Values.webhook.webhookConfigurationNamespaceSelector.matchExpressions }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
     rules:
       - apiGroups:
           - "cert-manager.io"

deploy/charts/cert-manager/values.yaml

@@ -401,6 +401,17 @@ webhook:
   # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
   # validatingWebhookConfigurationAnnotations: {}
 
+  # Configure spec.namespaceSelector for mutating and validating webhooks.
+  webhookConfigurationNamespaceSelector: {}
+  #  matchLabels:
+  #    key: value
+  #  matchExpressions:
+  #    - key: kubernetes.io/metadata.name
+  #      operator: NotIn
+  #      values:
+  #        - kube-system
+
+
   # Additional command line flags to pass to cert-manager webhook binary.
   # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help
   extraArgs: []