From ec8df6d6df5dcd9ec0698820e4e33e51144902c7 Mon Sep 17 00:00:00 2001
From: James Munnelly <james@munnelly.eu>
Date: Sun, 18 Aug 2019 12:02:13 +0100
Subject: [PATCH] Add mutating webhook definition

Signed-off-by: James Munnelly <james@munnelly.eu>
---
 .../templates/webhook-mutating-webhook.yaml   | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml

diff --git a/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
new file mode 100644
index 000000000..a89d75df9
--- /dev/null
+++ b/deploy/charts/cert-manager/templates/webhook-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.webhook.enabled -}}
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: {{ include "webhook.fullname" . }}
+  labels:
+    app: {{ include "webhook.name" . }}
+    app.kubernetes.io/name: {{ include "webhook.name" . }}
+    app.kubernetes.io/instance:  {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "webhook.chart" . }}
+  annotations:
+{{- if .Values.webhook.injectAPIServerCA }}
+    certmanager.k8s.io/inject-apiserver-ca: "true"
+{{- end }}
+webhooks:
+  - name: webhook.certmanager.k8s.io
+    rules:
+      - apiGroups:
+          - "certmanager.k8s.io"
+        apiVersions:
+          - v1alpha1
+        operations:
+          - CREATE
+          - UPDATE
+        resources:
+          - certificates
+          - issuers
+          - clusterissuers
+          - orders
+          - challenges
+          - certificaterequests
+    failurePolicy: Fail
+    clientConfig:
+      service:
+        name: kubernetes
+        namespace: default
+        path: /apis/webhook.certmanager.k8s.io/v1beta1/mutations
+{{- end -}}