{{/* Make sure all variables are set properly */}}
{{- include "k8s-ycl.init" . -}}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: {{ include "bjw-s.common.lib.chart.names.fullname" . | quote }}
  {{- with (include "bjw-s.common.lib.metadata.allLabels" $ | fromYaml) }}
  labels: {{- toYaml . | nindent 4 }}
  {{- end }}
  annotations:
    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "k8s-ycl.servingCertificate" . }}"
webhooks:
  - name: "{{ include "bjw-s.common.lib.chart.names.fullname" . }}.svc.cluster.local"
    namespaceSelector:
      matchExpressions:
      - key: kubernetes.io/metadata.name
        operator: NotIn
        values: {{ include "k8s-ycl.ignoredNamespaces" . | nindent  10 }}
    clientConfig:
      service:
        namespace: {{ .Release.Namespace | quote }}
        name: {{ include "bjw-s.common.lib.chart.names.fullname" . }}-webhook
        path: {{ include "k8s-ycl.webhookPath" . }}
        port: {{ include "k8s-ycl.webhookPort" . }}
    failurePolicy: Fail
    admissionReviewVersions: ["v1", "v1beta1"]
    sideEffects: None
    timeoutSeconds: 5
    rules:
      - apiGroups:
        - ""
        apiVersions:
        - v1
        operations:
        - CREATE
        - UPDATE
        resources:
        - pods