Michal.Wrobel/openbao-helm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add objectSelector to webhookconfiguration (#456)

Browse source
This commit is contained in:
guru1306 2021-02-20 09:32:04 +05:30 committed by GitHub
parent 84a1dd9fbe
commit 690ee410ef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
templates/injector-mutating-webhook.yaml
View file

@ -32,6 +32,10 @@ webhooks:
namespaceSelector:
{{ toYaml .Values.injector.namespaceSelector | indent 6}}
{{ end }}
{{- if .Values.injector.objectSelector }}
objectSelector:
{{ toYaml .Values.injector.objectSelector | indent 6}}
{{ end }}
{{- with .Values.injector.failurePolicy }}
failurePolicy: {{.}}
{{ end }}

23
test/unit/injector-mutating-webhook.bats
View file

@ -76,6 +76,29 @@ load _helpers
[ "${actual}" = "true" ]
}
@test "injector/MutatingWebhookConfiguration: objectSelector empty by default" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-mutating-webhook.yaml \
--set 'injector.enabled=true' \
--namespace foo \
. | tee /dev/stderr |
yq '.webhooks[0].objectSelector' | tee /dev/stderr)
[ "${actual}" = "null" ]
}
@test "injector/MutatingWebhookConfiguration: can set objectSelector" {
cd `chart_dir`
local actual=$(helm template \
--show-only templates/injector-mutating-webhook.yaml \
--set 'injector.enabled=true' \
--set 'injector.objectSelector.matchLabels.injector=true' \
. | tee /dev/stderr |
yq '.webhooks[0].objectSelector.matchLabels.injector' | tee /dev/stderr)
[ "${actual}" = "true" ]
}
@test "injector/MutatingWebhookConfiguration: failurePolicy 'Ignore' by default" {
cd `chart_dir`
local actual=$(helm template \

9
values.yaml
View file

@ -80,6 +80,15 @@ injector:
# matchLabels:
# sidecar-injector: enabled
namespaceSelector: {}
# objectSelector is the selector for restricting the webhook to only
# specific labels.
# See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
# for more details.
# Example:
# objectSelector:
# matchLabels:
# vault-sidecar-injector: enabled
objectSelector: {}
# Configures failurePolicy of the webhook. The "unspecified" default behaviour deoends on the
# API Version of the WebHook.