1
0
Fork 0
distrust-stack/kustomizations/ingress-nginx/webhook/resources.yaml

50 lines
1.1 KiB
YAML

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ingress-nginx-admission
spec:
dnsNames:
- ingress-nginx-controller-admission
- ingress-nginx-controller-admission.default.svc
issuerRef:
kind: Issuer
name: selfsigned-issuer
secretName: ingress-nginx-admission
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: ingress-nginx-admission
annotations:
cert-manager.io/inject-ca-from: default/ingress-nginx-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: ingress-nginx-controller-admission
namespace: default
path: /networking/v1/ingresses
failurePolicy: Fail
matchPolicy: Equivalent
name: validate.nginx.ingress.kubernetes.io
rules:
- apiGroups:
- networking.k8s.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- ingresses
sideEffects: None
timeoutSeconds: 29