From 7fdea152eb5a305893c268dbaa9ad637f21d1242 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sat, 13 Jan 2024 16:21:49 +0100 Subject: [PATCH] [helm] Move cert-manager.io/disable-validation to values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jan-Otto Kröpke --- .../templates/webhook-mutating-webhook.yaml | 10 +++---- .../templates/webhook-validating-webhook.yaml | 12 ++------ deploy/charts/cert-manager/values.yaml | 28 +++++++++++++------ 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml index 8eed00102..9ea29777d 100644 --- a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml @@ -15,6 +15,10 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.mutatingWebhookConfiguration.namespaceSelector }} + namespaceSelector: + {{- toYaml . | nindent 6 }} + {{- end }} rules: - apiGroups: - "cert-manager.io" @@ -41,8 +45,4 @@ webhooks: name: {{ template "webhook.fullname" . }} namespace: {{ include "cert-manager.namespace" . }} path: /mutate - {{- end }} - namespaceSelector: - {{- with .Values.webhook.webhookConfigurationNamespaceSelector }} - {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml index c01212b30..76235fdee 100644 --- a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml +++ b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml @@ -15,18 +15,10 @@ metadata: {{- end }} webhooks: - name: webhook.cert-manager.io + {{- with .Values.webhook.validatingWebhookConfiguration.namespaceSelector }} namespaceSelector: - {{- with (omit .Values.webhook.webhookConfigurationNamespaceSelector "matchExpressions") }} {{- toYaml . | nindent 6 }} - {{- end }} - matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - {{- with .Values.webhook.webhookConfigurationNamespaceSelector.matchExpressions }} - {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} rules: - apiGroups: - "cert-manager.io" diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 17c419dcc..7bf2cd66a 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -401,15 +401,25 @@ webhook: # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration # validatingWebhookConfigurationAnnotations: {} - # Configure spec.namespaceSelector for mutating and validating webhooks. - webhookConfigurationNamespaceSelector: {} - # matchLabels: - # key: value - # matchExpressions: - # - key: kubernetes.io/metadata.name - # operator: NotIn - # values: - # - kube-system + validatingWebhookConfiguration: + # Configure spec.namespaceSelector for validating webhooks. + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + + mutatingWebhookConfiguration: + # Configure spec.namespaceSelector for mutating webhooks. + namespaceSelector: {} + # matchLabels: + # key: value + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: NotIn + # values: + # - kube-system # Additional command line flags to pass to cert-manager webhook binary.