openbao-helm/templates/injector-mutating-webhook.yaml

{{- if and (eq (.Values.injector.enabled | toString) "true" ) (eq (.Values.global.enabled | toString) "true") }}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ template "vault.fullname" . }}-agent-injector-cfg
  labels:
    app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
  - name: vault.hashicorp.com
    clientConfig:
      service:
        name: {{ template "vault.fullname" . }}-agent-injector-svc
        namespace: {{ .Release.Namespace }}
        path: "/mutate"
      caBundle: {{ .Values.injector.certs.caBundle | quote }}
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]
{{- if .Values.injector.namespaceSelector }}
    namespaceSelector:
{{ toYaml .Values.injector.namespaceSelector | indent 6}}
{{ end }}
{{ end }}
Add vault agent injector (#150) * Add vault agent injector * Fix bug with agent image env * Fix terraform GKE code * Cleanup label * Improve test reliablity * Lower sleep times in tests * Standardize image values * Update values * Update vault tag 2019-12-19 15:57:51 +00:00			`{{- if and (eq (.Values.injector.enabled \| toString) "true" ) (eq (.Values.global.enabled \| toString) "true") }}`
			`apiVersion: admissionregistration.k8s.io/v1beta1`
			`kind: MutatingWebhookConfiguration`
			`metadata:`
			`name: {{ template "vault.fullname" . }}-agent-injector-cfg`
			`labels:`
			`app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector`
			`app.kubernetes.io/instance: {{ .Release.Name }}`
			`app.kubernetes.io/managed-by: {{ .Release.Service }}`
			`webhooks:`
			`- name: vault.hashicorp.com`
			`clientConfig:`
			`service:`
			`name: {{ template "vault.fullname" . }}-agent-injector-svc`
			`namespace: {{ .Release.Namespace }}`
			`path: "/mutate"`
Force caBundle to always be quoted (#352) This fixes issues when you do not provide a value for caBundle that causes validation issues. 2020-07-14 13:53:33 +00:00			`caBundle: {{ .Values.injector.certs.caBundle \| quote }}`
Add vault agent injector (#150) * Add vault agent injector * Fix bug with agent image env * Fix terraform GKE code * Cleanup label * Improve test reliablity * Lower sleep times in tests * Standardize image values * Update values * Update vault tag 2019-12-19 15:57:51 +00:00			`rules:`
			`- operations: ["CREATE", "UPDATE"]`
			`apiGroups: [""]`
			`apiVersions: ["v1"]`
			`resources: ["pods"]`
			`{{- if .Values.injector.namespaceSelector }}`
			`namespaceSelector:`
			`{{ toYaml .Values.injector.namespaceSelector \| indent 6}}`
			`{{ end }}`
			`{{ end }}`