feat(webhook): add namespaceSelector from values (#794)

* feat(webhook): add namespaceSelector from values Signed-off-by: Matias Charriere <[email protected]> * docs: update changelog and readme Signed-off-by: Matias Charriere <[email protected]> * docs: add link in Readme Signed-off-by: Matias Charriere <[email protected]> --------- Signed-off-by: Matias Charriere <[email protected]>
Kong · May 11, 2023 · c378aa9 · c378aa9
1 parent 06d9501
commit c378aa9
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 0 deletions.
diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## Unreleased
+
+### Improvements
+
+* Customize Admission Webhook namespaceSelectors and compose them from values.
+ [#794](https:/Kong/charts/pull/794)
+
 ## 2.20.2
 
 ### Fixed 

diff --git a/charts/kong/README.md b/charts/kong/README.md
@@ -736,6 +736,7 @@ section of `values.yaml` file:
 | admissionWebhook.certificate.provided | Use a provided certificate. When set to false, the chart will automatically generate a certificate. | false |
 | admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | |
 | admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | |
+| admissionWebhook.namespaceSelector | Add namespaceSelector to the webhook. Please go to [Kubernetes doc for the specs](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector) | |
 | userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | |
 | userDefinedVolumeMounts | Create volumeMounts. Please go to Kubernetes doc for the spec of the volumeMounts | |
 | terminationGracePeriodSeconds | Sets the [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution) for Deployment pod | 30 |

diff --git a/charts/kong/templates/admission-webhook.yaml b/charts/kong/templates/admission-webhook.yaml
@@ -42,6 +42,10 @@ metadata:
  {{- end }}
 webhooks:
 - name: validations.kong.konghq.com
+ {{- with .Values.ingressController.admissionWebhook.namespaceSelector }}
+ namespaceSelector:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
  objectSelector:
  matchExpressions:
  - key: owner

diff --git a/charts/kong/values.yaml b/charts/kong/values.yaml
@@ -533,6 +533,7 @@ ingressController:
  port: 8080
  certificate:
  provided: false
+ namespaceSelector: {}
  # Specifiy the secretName when the certificate is provided via a TLS secret
  # secretName: ""
  # Specifiy the CA bundle of the provided certificate.