add ingress nginx webhook (#9033)

* add ingress nginx webhook * fix ingress nginx template
2026-03-10 20:29:18 +03:00 · 2022-06-29 02:55:35 +08:00
parent d4de9d096f
commit e8ccbebd6f
16 changed files with 249 additions and 1 deletions
--- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2
@@ -65,6 +65,11 @@ spec:
 {% for extra_arg in ingress_nginx_extra_args %}
            - {{ extra_arg }}
 {% endfor %}
+{% if ingress_nginx_webhook_enabled %}
+            - --validating-webhook=:8443
+            - --validating-webhook-certificate=/usr/local/certificates/cert
+            - --validating-webhook-key=/usr/local/certificates/key
+{% endif %}
          securityContext:
            capabilities:
                drop:
@@ -96,6 +101,11 @@ spec:
              containerPort: 10254
 {% if not ingress_nginx_host_network %}
              hostPort: {{ ingress_nginx_metrics_port }}
+{% endif %}
+{% if ingress_nginx_webhook_enabled %}
+            - name: webhook
+              containerPort: 8443
+              protocol: TCP
 {% endif %}
          livenessProbe:
            failureThreshold: 3
@@ -118,3 +128,15 @@ spec:
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 3
+{% if ingress_nginx_webhook_enabled %}
+          volumeMounts:
+            - mountPath: /usr/local/certificates/
+              name: webhook-cert
+              readOnly: true
+{% endif %}
+{% if ingress_nginx_webhook_enabled %}
+      volumes:
+        - name: webhook-cert
+          secret:
+            secretName: ingress-nginx-admission
+{% endif %}