diff options
Diffstat (limited to 'kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml')
-rw-r--r-- | kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml new file mode 100644 index 00000000..c7d16598 --- /dev/null +++ b/kud/deployment_infra/helm/sdewan_controllers/templates/webhook.yaml @@ -0,0 +1,80 @@ +#/* Copyright 2020 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ + +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert + creationTimestamp: null + name: sdewan-validating-webhook-configuration +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: sdewan-webhook-service + namespace: {{ .Values.namespace }} + path: /validate-sdewan-bucket-permission + failurePolicy: Fail + name: validate-sdewan-bucket.akraino.org + rules: + - apiGroups: + - batch.sdewan.akraino.org + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - mwan3policies + - mwan3rules + - firewallzones + - firewallforwardings + - firewallrules + - firewallsnats + - firewalldnats + - ipsecproposals + - ipsechosts + - ipsecsites +- clientConfig: + caBundle: Cg== + service: + name: sdewan-webhook-service + namespace: {{ .Values.namespace }} + path: /validate-label + failurePolicy: Fail + name: validate-label.akraino.org + rules: + - apiGroups: + - apps + - batch.sdewan.akraino.org + apiVersions: + - v1 + - v1alpha1 + operations: + - UPDATE + resources: + - deployments + - mwan3policies + - mwan3rules + - firewallzones + - firewallforwardings + - firewallrules + - firewallsnats + - firewalldnats + - ipsecproposals + - ipsechosts |