2021-07-14 16:15:47 +00:00
{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }}
2020-12-18 00:46:15 +00:00
apiVersion : admissionregistration.k8s.io/v1
kind : ValidatingWebhookConfiguration
metadata :
name : {{ template "kube-prometheus-stack.fullname" . }}-admission
2021-02-26 21:25:43 +00:00
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
annotations :
2023-05-13 08:38:33 +00:00
certmanager.k8s.io/inject-ca-from : {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
cert-manager.io/inject-ca-from : {{ printf "%s/%s-admission" (include "kube-prometheus-stack.namespace" .) (include "kube-prometheus-stack.fullname" .) | quote }}
2021-02-26 21:25:43 +00:00
{{- end }}
2020-12-18 00:46:15 +00:00
labels :
app : {{ template "kube-prometheus-stack.name" $ }}-admission
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
webhooks :
- name : prometheusrulemutate.monitoring.coreos.com
2023-04-14 10:44:57 +00:00
{{- if .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
failurePolicy : {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
{{- else if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
2020-12-18 00:46:15 +00:00
failurePolicy : Ignore
{{- else }}
2023-04-14 10:44:57 +00:00
failurePolicy : Fail
2020-12-18 00:46:15 +00:00
{{- end }}
rules :
- apiGroups :
- monitoring.coreos.com
apiVersions :
- "*"
resources :
- prometheusrules
operations :
- CREATE
- UPDATE
clientConfig :
service :
namespace : {{ template "kube-prometheus-stack.namespace" . }}
name : {{ template "kube-prometheus-stack.operator.fullname" $ }}
path : /admission-prometheusrules/validate
2021-02-26 21:25:43 +00:00
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
caBundle : {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
{{- end }}
2022-12-06 20:43:11 +00:00
timeoutSeconds : {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }}
2020-12-18 00:46:15 +00:00
admissionReviewVersions : [ "v1" , "v1beta1" ]
sideEffects : None
2023-05-13 08:38:33 +00:00
{{- if or .Values.prometheusOperator.denyNamespaces .Values.prometheusOperator.namespaces }}
namespaceSelector :
matchExpressions :
{{- if .Values.prometheusOperator.denyNamespaces }}
- key : kubernetes.io/metadata.name
operator : NotIn
values :
{{- range $namespace := mustUniq .Values.prometheusOperator.denyNamespaces }}
- {{ $namespace }}
{{- end }}
{{- else if and .Values.prometheusOperator.namespaces .Values.prometheusOperator.namespaces.additional }}
- key : kubernetes.io/metadata.name
operator : In
values :
{{- if and .Values.prometheusOperator.namespaces.releaseNamespace (default .Values.prometheusOperator.namespaces.releaseNamespace true) }}
{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }}
- {{ $namespace }}
{{- end }}
{{- range $namespace := mustUniq .Values.prometheusOperator.namespaces.additional }}
- {{ $namespace }}
{{- end }}
{{- end }}
{{- end }}
2020-12-18 00:46:15 +00:00
{{- end }}