42 lines
1.8 KiB
YAML
42 lines
1.8 KiB
YAML
{{- if and .Values.prometheusOperator.admissionWebhooks.enabled }}
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
name: {{ template "kube-prometheus-stack.fullname" . }}-admission
|
|
{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}
|
|
annotations:
|
|
certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
|
cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }}
|
|
{{- end }}
|
|
labels:
|
|
app: {{ template "kube-prometheus-stack.name" $ }}-admission
|
|
{{- include "kube-prometheus-stack.labels" $ | indent 4 }}
|
|
webhooks:
|
|
- name: prometheusrulemutate.monitoring.coreos.com
|
|
{{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }}
|
|
failurePolicy: Ignore
|
|
{{- else }}
|
|
failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }}
|
|
{{- end }}
|
|
rules:
|
|
- apiGroups:
|
|
- monitoring.coreos.com
|
|
apiVersions:
|
|
- "*"
|
|
resources:
|
|
- prometheusrules
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
clientConfig:
|
|
service:
|
|
namespace: {{ template "kube-prometheus-stack.namespace" . }}
|
|
name: {{ template "kube-prometheus-stack.operator.fullname" $ }}
|
|
path: /admission-prometheusrules/validate
|
|
{{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }}
|
|
caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }}
|
|
{{- end }}
|
|
admissionReviewVersions: ["v1", "v1beta1"]
|
|
sideEffects: None
|
|
{{- end }}
|