Add configurable failurePolicy for injector's webhook

Fixes #399
hashicorp · Oct 12, 2020 · 8fbf1ae · 8fbf1ae
1 parent 5242cfe
commit 8fbf1ae
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/templates/injector-mutating-webhook.yaml b/templates/injector-mutating-webhook.yaml
@@ -24,4 +24,7 @@ webhooks:
     namespaceSelector:
 {{ toYaml .Values.injector.namespaceSelector | indent 6}}
 {{ end }}
+{{- with .Values.injector.failurePolicy }}
+    failurePolicy: {{.}}
+{{ end }}
 {{ end }}
diff --git a/values.yaml b/values.yaml
@@ -70,6 +70,12 @@ injector:
   #      sidecar-injector: enabled
   namespaceSelector: {}
 
+  # Configures failurePolicy of the webhook. By default webhook failures are ignored. 
+  # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+  # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+  #
+  # failurePolcy: Fail
+
   certs:
     # secretName is the name of the secret that has the TLS certificate and
     # private key to serve the injector webhook. If this is null, then the