helm: add field for webhook namespace selector (kubernetes-sigs#2724)

Signed-off-by: Ismayil Mirzali <ismayilmirzeli@gmail.com>
adammw · Nov 9, 2023 · c7a1e7d · c7a1e7d
1 parent a6413b7
commit c7a1e7d
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 0 deletions.
diff --git a/helm/aws-load-balancer-controller/README.md b/helm/aws-load-balancer-controller/README.md
@@ -208,6 +208,7 @@ The default values set by the application itself can be confirmed [here](https:/
 | `webhookTLS.caCert`                            | TLS CA certificate for webhook (auto-generated if not provided)                                          | ""                                                                                 |
 | `webhookTLS.cert`                              | TLS certificate for webhook (auto-generated if not provided)                                             | ""                                                                                 |
 | `webhookTLS.key`                               | TLS private key for webhook (auto-generated if not provided)                                             | ""                                                                                 |
+| `webhookNamespaceSelectors`                    | Namespace selectors for the wekbook | None
 | `keepTLSSecret`                                | Reuse existing TLS Secret during chart upgrade                                                           | `true`                                                                             |
 | `serviceAnnotations`                           | Annotations to be added to the provisioned webhook service resource                                      | `{}`                                                                               |
 | `serviceMaxConcurrentReconciles`               | Maximum number of concurrently running reconcile loops for service                                       | None                                                                               |

diff --git a/helm/aws-load-balancer-controller/templates/webhook.yaml b/helm/aws-load-balancer-controller/templates/webhook.yaml
@@ -25,10 +25,14 @@ webhooks:
   - v1beta1
   namespaceSelector:
     matchExpressions:
+    {{ if .Values.webhookNamespaceSelector }}
+    {{ toYaml .Values.webhookNamespaceSelectors | nindent 4 }}
+    {{ else }}
     - key: elbv2.k8s.aws/pod-readiness-gate-inject
       operator: In
       values:
       - enabled
+    {{ end }}
   objectSelector:
     matchExpressions:
     - key: app.kubernetes.io/name

diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
@@ -173,6 +173,13 @@ webhookTLS:
   cert:
   key:
 
+# array of namespace selectors for the webhook
+webhookNamespaceSelector:
+# - key: elbv2.k8s.aws/pod-readiness-gate-inject
+#   operator: In
+#   values:
+#   - enabled
+
 # keepTLSSecret specifies whether to reuse existing TLS secret for chart upgrade
 keepTLSSecret: true