From d7ae8d8bc38667ba0f19fab2e9cce9ff56cdf5b1 Mon Sep 17 00:00:00 2001
From: Md Soharab Ansari <soharab.ansari@infracloud.io>
Date: Fri, 17 May 2024 12:37:13 +0530
Subject: [PATCH] Added validating webhook template for serviceexport object

Signed-off-by: Md Soharab Ansari <soharab.ansari@infracloud.io>
---
 .../kubeslice-worker/templates/webhook.yaml   | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/charts/kubeslice-worker/templates/webhook.yaml b/charts/kubeslice-worker/templates/webhook.yaml
index 39de641..cbee59a 100644
--- a/charts/kubeslice-worker/templates/webhook.yaml
+++ b/charts/kubeslice-worker/templates/webhook.yaml
@@ -74,3 +74,49 @@ webhooks:
       - spire
       - {{ .Release.Namespace | quote }}
       - {{ .Values.controllerNamespace | quote }}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  creationTimestamp: null
+  name: kubeslice-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    caBundle: {{ $ca.Cert | b64enc }}
+    service:
+      name: kubeslice-webhook-service
+      namespace: {{ .Release.Namespace }}
+      path: /validate-webhook
+  failurePolicy: Fail
+  name: webhook.kubeslice.io
+  rules:
+  - apiGroups:
+    - networking.kubeslice.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - serviceexports
+  sideEffects: NoneOnDryRun
+  namespaceSelector:
+    matchExpressions:
+    - key: kubeslice.io/slice
+      operator: Exists
+    - key: name
+      operator: NotIn
+      values:
+      - kube-system
+      - spire
+      - {{ .Release.Namespace | quote}}
+      - {{ .Values.controllerNamespace | quote }}
+    - key: kubernetes.io/metadata.name
+      operator: NotIn
+      values:
+      - kube-system
+      - spire
+      - {{ .Release.Namespace | quote }}
+      - {{ .Values.controllerNamespace | quote }}
\ No newline at end of file