68 lines
1.3 KiB
YAML
68 lines
1.3 KiB
YAML
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: jenkins-webhook-certificate
|
|
namespace: default
|
|
spec:
|
|
duration: 2160h
|
|
renewBefore: 360h
|
|
secretName: jenkins-webhook-certificate
|
|
dnsNames:
|
|
- jenkins-webhook-service.default.svc
|
|
- jenkins-webhook-service.default.svc.cluster.local
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: selfsigned
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: selfsigned
|
|
namespace: default
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
name: jenkins-webhook
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: default/jenkins-webhook-certificate
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
- v1beta1
|
|
clientConfig:
|
|
service:
|
|
name: jenkins-webhook-service
|
|
namespace: default
|
|
path: /validate-jenkins-io-v1alpha2-jenkins
|
|
failurePolicy: Fail
|
|
name: vjenkins.kb.io
|
|
timeoutSeconds: 30
|
|
rules:
|
|
- apiGroups:
|
|
- jenkins.io
|
|
apiVersions:
|
|
- v1alpha2
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- jenkins
|
|
scope: "Namespaced"
|
|
sideEffects: None
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: jenkins-webhook-service
|
|
namespace: default
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
targetPort: 9443
|
|
selector:
|
|
control-plane: controller-manager
|
|
---
|