feat: webbook name configuration.

Now the controller creates is own root CA and needs to configure the webhooks with the proper CA certificate bundle. Therefore, it's necessary to define in the CLI arguments the webhooks names which the controller must update after creating the root CA. Signed-off-by: José Guilherme Vanz <[email protected]>
kubewarden · Aug 30, 2023 · 2d17a9b · 2d17a9b
1 parent 6ef175e
commit 2d17a9b
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 2 deletions.
diff --git a/charts/kubewarden-controller/chart-values.yaml b/charts/kubewarden-controller/chart-values.yaml
@@ -82,6 +82,10 @@ resources:
       memory: 50Mi
 # Controller replicas
 replicas: 1
+# values to configure the webhook used to validate/mudate custom resources
+webHooks:
+  validatingWebHooks: "kubewarden-controller-validating-webhook-configuration"
+  mutatingWebHooks: "kubewarden-controller-mutating-webhook-configuration"
 auditScanner:
   enable: true
   # The default audit-scanner ServiceAccount is bound to the ClusterRoles:

diff --git a/charts/kubewarden-controller/templates/deployment.yaml b/charts/kubewarden-controller/templates/deployment.yaml
@@ -42,6 +42,9 @@ spec:
         - --enable-metrics
        {{- end }}
         - --always-accept-admission-reviews-on-deployments-namespace
+        - --validating-webhooks={{ .Values.webHooks.validatingWebHooks }}
+        - --mutating-webhooks={{ .Values.webHooks.mutatingWebHooks }}
+        - --controller-webhook-service={{ include "kubewarden-controller.fullname" . }}-webhook-service
         command:
         - /manager
         {{- if .Values.telemetry.enabled }}

diff --git a/charts/kubewarden-controller/templates/webhooks.yaml b/charts/kubewarden-controller/templates/webhooks.yaml
@@ -4,7 +4,7 @@ kind: MutatingWebhookConfiguration
 metadata:
   annotations:
     {{- include "kubewarden-controller.annotations" . | nindent 4 }}
-  name: kubewarden-controller-mutating-webhook-configuration
+  name: {{ .Values.webHooks.mutatingWebHooks }}
   labels:
     {{- include "kubewarden-controller.labels" . | nindent 4 }}
 webhooks:
@@ -78,7 +78,7 @@ kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
     {{- include "kubewarden-controller.annotations" . | nindent 4 }}
-  name: kubewarden-controller-validating-webhook-configuration
+  name: {{ .Values.webHooks.validatingWebHooks }}
   labels:
     {{- include "kubewarden-controller.labels" . | nindent 4 }}
 webhooks:

diff --git a/charts/kubewarden-controller/values.yaml b/charts/kubewarden-controller/values.yaml
@@ -118,6 +118,10 @@ resources:
       memory: 50Mi
 # Controller replicas
 replicas: 1
+# values to configure the webhook used to validate/mudate custom resources
+webHooks:
+  validatingWebHooks: "kubewarden-controller-validating-webhook-configuration"
+  mutatingWebHooks: "kubewarden-controller-mutating-webhook-configuration"
 auditScanner:
   enable: true
   # The default audit-scanner ServiceAccount is bound to the ClusterRoles: