More configuration options for the validatingwebhookconfiguration (#64)

* chore: complete validatingwebhookconfiguration The validating webhook configuration is missing some fields, which are automatically completed by k8s. Those missing fields can sometimes mess up gitops operators, which strictly check which fields are present or not Signed-off-by: Bruno Bressi <[email protected]> * chore: added more fields & default values Signed-off-by: Bruno Bressi <[email protected]> * fix: readded objectSelector in the correct place Signed-off-by: Bruno Bressi <[email protected]> * chore: bumped to stable Signed-off-by: Bruno Bressi <[email protected]> * chore: removed unneeded docker variables Signed-off-by: Bruno Bressi <[email protected]> --------- Signed-off-by: Bruno Bressi <[email protected]>
eumel8 · Nov 14, 2024 · 712208a · 712208a
1 parent 4e18454
commit 712208a
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 8 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,3 @@
-# build stage
 FROM golang:1.23 AS build-env
 WORKDIR /app
 COPY  . /app

diff --git a/Makefile b/Makefile
@@ -74,3 +74,16 @@ e2e-cleanup:
 	@k3d cluster delete cosign-tests || echo "Deleting cosign tests k3d cluster failed. Continuing..."
 	@rm -f cosign.pub cosign.key second.pub second.key || echo "Removing files failed. Continuing..."
 	@echo "Done."
+
+#############
+### CHART ###
+#############
+
+.PHONY: chart-lint chart
+chart-lint:
+	@echo "Linting chart..."
+	@helm lint chart
+
+chart:
+	@echo "Packaging chart..."
+	@helm package chart
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -2,12 +2,12 @@ apiVersion: v2
 name: cosignwebhook
 description: A Helm chart for Cosign Webhook Admission Controller
 type: application
-version: 4.1.0
+version: 4.1.1
 appVersion: "4.3.0"
 maintainers:
-  - name: eumel8
-    email: [email protected]
-    url: https://www.telekom.com
-  - name: puffitos
-    email: [email protected]
-    url: https://www.telekom.com
+- name: eumel8
+  email: [email protected]
+  url: https://www.telekom.com
+- name: puffitos
+  email: [email protected]
+  url: https://www.telekom.com
diff --git a/chart/templates/admission.yaml b/chart/templates/admission.yaml
@@ -21,6 +21,7 @@ webhooks:
   - admissionReviewVersions:
     - v1
     name: {{ .Values.admission.webhook.name }}
+    matchPolicy: {{ .Values.admission.matchPolicy }}
     namespaceSelector:
       matchExpressions:
         - key: kubernetes.io/metadata.name
@@ -31,11 +32,15 @@ webhooks:
         name: {{ include "cosignwebhook.fullname" . }}
         namespace: {{ .Release.Namespace | default "default" }}
         path: "/validate"
+        port: 443
       caBundle: {{ $ca.Cert | b64enc }}
     rules:
       - operations: ["CREATE","UPDATE"]
         apiGroups: [""]
         apiVersions: ["v1"]
         resources: ["pods"]
+        scope: "*"
+    objectSelector: {}
     failurePolicy: {{ .Values.admission.failurePolicy }}
     sideEffects: {{ .Values.admission.sideEffects }}
+    timeoutSeconds: {{ .Values.admission.timeoutSeconds }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -25,6 +25,9 @@ admission:
     name: webhook.example.com
   # list of excluded namespaces, comma-separated
   # exclude: default, kube-system, cattle-system
+  exclude: ""
+  matchPolicy: Equivalent
+  timeoutSeconds: 10
 
 podAnnotations: {}