From 0f2048422a81519aa7cfc8363f408a68c02938d8 Mon Sep 17 00:00:00 2001 From: Martijn van der Ploeg <73637849+martijnvdp@users.noreply.github.com> Date: Tue, 16 Jul 2024 02:25:55 +0200 Subject: [PATCH] fix: only set matchConditions on webhook when not empty (#3412) Signed-off-by: martijnvdp Co-authored-by: Rita Zhang --- cmd/build/helmify/main.go | 4 ++-- ...ng-webhook-configuration-mutatingwebhookconfiguration.yaml | 2 ++ ...-webhook-configuration-validatingwebhookconfiguration.yaml | 2 ++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/cmd/build/helmify/main.go b/cmd/build/helmify/main.go index b64858f876b..a42754628dd 100644 --- a/cmd/build/helmify/main.go +++ b/cmd/build/helmify/main.go @@ -109,14 +109,14 @@ func (ks *kindSet) Write() error { if name == "validation.gatekeeper.sh" { matchConditions := " matchConditions: {{ toYaml .Values.validatingWebhookMatchConditions | nindent 4 }}" - replace := fmt.Sprintf(" {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }}\n%s\n {{- end }}", matchConditions) + replace := fmt.Sprintf(" {{- if .Values.validatingWebhookMatchConditions }}\n {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }}\n%s\n {{- end }}\n {{- end }}", matchConditions) obj = "{{- if not .Values.disableValidatingWebhook }}\n" + strings.Replace(obj, matchConditions, replace, 1) + end + "\n" fileName = fmt.Sprintf("gatekeeper-validating-webhook-configuration-%s.yaml", strings.ToLower(kind)) } if name == "mutation.gatekeeper.sh" { matchConditions := " matchConditions: {{ toYaml .Values.mutatingWebhookMatchConditions | nindent 4 }}" - replace := fmt.Sprintf(" {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }}\n%s\n {{- end }}", matchConditions) + replace := fmt.Sprintf(" {{- if .Values.mutatingWebhookMatchConditions }}\n {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }}\n%s\n {{- end }}\n {{- end }}", matchConditions) obj = "{{- if not .Values.disableMutation }}\n" + strings.Replace(obj, matchConditions, replace, 1) + end + "\n" fileName = fmt.Sprintf("gatekeeper-mutating-webhook-configuration-%s.yaml", strings.ToLower(kind)) } diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml index 7ed48331776..e23dc839773 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml @@ -24,9 +24,11 @@ webhooks: path: /v1/mutate {{- end }} failurePolicy: {{ .Values.mutatingWebhookFailurePolicy }} + {{- if .Values.mutatingWebhookMatchConditions }} {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }} matchConditions: {{ toYaml .Values.mutatingWebhookMatchConditions | nindent 4 }} {{- end }} + {{- end }} matchPolicy: Exact name: mutation.gatekeeper.sh namespaceSelector: diff --git a/manifest_staging/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/manifest_staging/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml index c8dbc8f0daa..3e89b14a5d4 100644 --- a/manifest_staging/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml +++ b/manifest_staging/charts/gatekeeper/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml @@ -24,9 +24,11 @@ webhooks: path: /v1/admit {{- end }} failurePolicy: {{ .Values.validatingWebhookFailurePolicy }} + {{- if .Values.validatingWebhookMatchConditions }} {{- if ge (int .Capabilities.KubeVersion.Minor) 28 }} matchConditions: {{ toYaml .Values.validatingWebhookMatchConditions | nindent 4 }} {{- end }} + {{- end }} matchPolicy: Exact name: validation.gatekeeper.sh namespaceSelector: