deploy/timescaledb/stackgres-operator/templates/mutating-webhook-configuration.yaml

{{- $cert := "Cg==" }}
{{- $certSecret := lookup "v1" "Secret" .Release.Namespace (include "cert-name" .) }}
{{- if $certSecret }}
{{- if (index $certSecret.data "tls.crt") }}
{{- $cert = (index $certSecret.data "tls.crt") }}
{{- end }}
{{- end }}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
{{- with .Values.clusterOwnerRefereces }}
  ownerReferences:
    {{- toYaml . | nindent 4 }}
{{- end }}
  name: {{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  {{- with (.Values.webhooks).annotations }}
  annotations:
    {{ toYaml . | nindent 4 }}
  {{- end }}
webhooks:
  - name: sgcluster.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgclusters"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgcluster'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgpgconfig.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgpgconfigs"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgpgconfig'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgpoolconfig.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgpoolconfigs"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgpoolconfig'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sginstanceprofile.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sginstanceprofiles"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sginstanceprofile'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgbackupconfig.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgbackupconfigs"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgbackupconfig'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgbackup.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgbackups"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgbackup'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgdistributedlogs.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgdistributedlogs"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgdistributedlogs'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgdbops.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgdbops"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgdbops'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgobjectstorage.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgobjectstorages"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgobjectstorage'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgscripts.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgscripts"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgscript'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgshardedclusters.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgshardedclusters"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgshardedcluster'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgshardedbackups.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgshardedbackups"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgshardedbackup'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgshardeddbops.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgshardeddbops"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgshardeddbops'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}
  - name: sgstreams.mutating-webhook.stackgres.io
    sideEffects: None
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["stackgres.io"]
        apiVersions: ["*"]
        resources: ["sgstreams"]
    failurePolicy: Fail
    clientConfig:
      service:
        namespace: {{ .Release.Namespace }}
        name: {{ .Release.Name }}
        path: '/stackgres/mutation/sgstreams'
      caBundle: {{ $cert }}
    admissionReviewVersions: ["v1"]
    {{- if .Values.allowedNamespaces }}
    namespaceSelector:
      matchLabels:
        stackgres.io/scope: {{ .Release.Namespace }}.{{ .Release.Name }}
    {{- else if .Values.allowedNamespaceLabelSelector }}
    namespaceSelector:
      matchLabels:
        {{ toYaml .Values.allowedNamespaceLabelSelector | nindent 8 }}
    {{- end }}