1apiVersion: cert-manager.io/v1
2kind: Certificate
3metadata:
4 name: tolerator-certificate
5 namespace: tolerator
6spec:
7 dnsNames:
8 - tolerator.tolerator.svc
9 issuerRef:
10 name: selfsigned
11 secretName: tolerator-webhook-certificate
12---
13apiVersion: cert-manager.io/v1
14kind: Issuer
15metadata:
16 name: selfsigned
17 namespace: tolerator
18spec:
19 selfSigned: {}
20---
21apiVersion: admissionregistration.k8s.io/v1
22kind: MutatingWebhookConfiguration
23metadata:
24 name: tolerator-webhook
25 annotations:
26 cert-manager.io/inject-ca-from: tolerator/tolerator-certificate
27webhooks:
28- name: tolerator.tolerator.svc
29 admissionReviewVersions:
30 - v1
31 - v1beta1
32 clientConfig:
33 service:
34 name: tolerator
35 namespace: tolerator
36 port: 443
37 path: /inject
38 failurePolicy: Ignore
39 matchPolicy: Equivalent
40 namespaceSelector:
41 matchExpressions:
42 - key: webhook
43 operator: NotIn
44 values:
45 - tolerator
46 objectSelector: {}
47 reinvocationPolicy: Never
48 rules:
49 - resources:
50 - pods
51 apiGroups:
52 - ""
53 apiVersions:
54 - v1
55 operations:
56 - CREATE
57 - UPDATE
58 scope: '*'
59 sideEffects: None
View as plain text