Merge pull request #6638 from jkroepke/webhooks

[helm] Support custom spec.namespaceSelector for webhooks
2024-01-13 15:35:31 +00:00 · 2024-01-13 15:35:31 +00:00 · c002cd53c8
commit c002cd53c8
parent 7e94b735ca 7fdea152eb
3 changed files with 29 additions and 6 deletions
--- a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
@ -15,6 +15,10 @@ metadata:
    {{- end }}
 webhooks:
  - name: webhook.cert-manager.io
+    {{- with .Values.webhook.mutatingWebhookConfiguration.namespaceSelector }}
+    namespaceSelector:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
    rules:
      - apiGroups:
          - "cert-manager.io"
@ -41,4 +45,4 @@ webhooks:
        name: {{ template "webhook.fullname" . }}
        namespace: {{ include "cert-manager.namespace" . }}
        path: /mutate
-      {{- end }}
+      {{- end }}
--- a/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml
+++ b/deploy/charts/cert-manager/templates/webhook-validating-webhook.yaml
@ -15,12 +15,10 @@ metadata:
    {{- end }}
 webhooks:
  - name: webhook.cert-manager.io
+    {{- with .Values.webhook.validatingWebhookConfiguration.namespaceSelector }}
    namespaceSelector:
-      matchExpressions:
-      - key: "cert-manager.io/disable-validation"
-        operator: "NotIn"
-        values:
-        - "true"
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
    rules:
      - apiGroups:
          - "cert-manager.io"
--- a/deploy/charts/cert-manager/values.yaml
+++ b/deploy/charts/cert-manager/values.yaml
@ -401,6 +401,27 @@ webhook:
  # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration
  # validatingWebhookConfigurationAnnotations: {}

+  validatingWebhookConfiguration:
+    # Configure spec.namespaceSelector for validating webhooks.
+    namespaceSelector:
+      matchExpressions:
+        - key: "cert-manager.io/disable-validation"
+          operator: "NotIn"
+          values:
+            - "true"
+
+  mutatingWebhookConfiguration:
+    # Configure spec.namespaceSelector for mutating webhooks.
+    namespaceSelector: {}
+    #  matchLabels:
+    #    key: value
+    #  matchExpressions:
+    #    - key: kubernetes.io/metadata.name
+    #      operator: NotIn
+    #      values:
+    #        - kube-system
+
+
  # Additional command line flags to pass to cert-manager webhook binary.
  # To see all available flags run docker run quay.io/jetstack/cert-manager-webhook:<version> --help
  extraArgs: []