skipper: add config to enable ingress validation webhook

Followup on #6341 Signed-off-by: Alexander Yastrebov <[email protected]>
zalando-incubator · Aug 24, 2023 · e758285 · e758285
1 parent 1b0d57e
commit e758285
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -246,6 +246,9 @@ skipper_serve_status_code_metric: "false"
 # can be one of disabled|provisioned|enabled
 routegroups_validation: "enabled"
 
+# disabled|enabled ingress validation ( skipper webhook )
+ingresses_validation: "disabled"
+
 # tokeninfo
 {{if eq .Cluster.Environment "production"}}
 # production|bridge|disabled

diff --git a/...dmission-control/routegroups-webhook.yaml → ...01-admission-control/skipper-webhook.yaml b/...dmission-control/routegroups-webhook.yaml → ...01-admission-control/skipper-webhook.yaml
@@ -6,7 +6,7 @@ metadata:
     application: skipper-ingress
     component: webhook
 webhooks:
-{{ if eq .Cluster.ConfigItems.routegroups_validation "enabled" }}
+  # {{ if eq .Cluster.ConfigItems.routegroups_validation "enabled" }}
   - name: "routegroup-admitter.teapot.zalan.do"
     rules:
       - operations: ["CREATE", "UPDATE"]
@@ -19,7 +19,8 @@ webhooks:
     admissionReviewVersions: ["v1"]
     sideEffects: None
     timeoutSeconds: 5
-{{ end }}
+  # {{ end }}
+  # {{ if eq .Cluster.ConfigItems.ingresses_validation "enabled" }}
   - name: "ingress-admitter.teapot.zalan.do"
     rules:
       - operations: ["CREATE", "UPDATE"]
@@ -31,4 +32,5 @@ webhooks:
       caBundle: "{{ .ConfigItems.ca_cert_decompressed }}"
     admissionReviewVersions: ["v1"]
     sideEffects: None
-    timeoutSeconds: 5 
+    timeoutSeconds: 5
+  # {{ end }}