diff --git a/templates/injector-mutating-webhook.yaml b/templates/injector-mutating-webhook.yaml
index 141798686..db8c337d7 100644
--- a/templates/injector-mutating-webhook.yaml
+++ b/templates/injector-mutating-webhook.yaml
@@ -24,4 +24,7 @@ webhooks:
 namespaceSelector:
 {{ toYaml .Values.injector.namespaceSelector | indent 6}}
 {{ end }}
+{{- with .Values.injector.failurePolicy }}
+ failurePolicy: {{.}}
+{{ end }}
 {{ end }}
diff --git a/values.yaml b/values.yaml
index 538cb3a4f..11a7315d4 100644
--- a/values.yaml
+++ b/values.yaml
@@ -70,6 +70,12 @@ injector:
 # sidecar-injector: enabled
 namespaceSelector: {}
+ # Configures failurePolicy of the webhook. By default webhook failures are ignored.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ # failurePolcy: Fail
+
 certs:
 # secretName is the name of the secret that has the TLS certificate and
 # private key to serve the injector webhook. If this is null, then the
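Review bot: The added `failurePolicy: {{.}}` is rendered only when `injector.failurePolicy` is set, so an unset value leaves the effective policy to the API server's default, which differs by API version (`Ignore` for admissionregistration.k8s.io/v1beta1, `Fail` for v1). The webhook's apiVersion and the start of this webhook entry are outside the hunk, so confirm which default applies. Rendering the field unconditionally, for example `failurePolicy: {{ .Values.injector.failurePolicy | default "Ignore" }}`, would keep the fail-open or fail-closed choice explicit in the manifest and stable across an apiVersion change. The value is also passed through unchecked, so a misspelled policy would presumably surface only when the API server rejects the manifest.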
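Review bot: The commented example on the added line `# failurePolcy: Fail` misspells the key; it should read `# failurePolicy: Fail`. The template reads `.Values.injector.failurePolicy`, so an operator who uncomments the line as written sets a key the chart never looks at. Unless the chart ships a values schema that rejects unknown keys (not visible here), Helm accepts it silently and the webhook keeps its default policy while the operator believes pod creation is blocked when the injector is unavailable. The comment "By default webhook failures are ignored" also holds only where the API default is `Ignore`, so it is worth stating which apiVersion it assumes.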