chore: add webhook configuration to dev kustomizations (Kong#5168)

config/components/manager_dev_webhook/kustomization.yaml

@@ -0,0 +1,12 @@
+# This is a kustomize Component which deploys KIC's admission webhook configuration
+# with a static certificate and key for ease of use.
+# This is not meant to be used in production!
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+- ./validating_webhook_configuration.yaml
+- ./manager_webhook_secret.yaml
+
+patches:
+- path: manager_webhook_listen_patch.yaml

config/components/manager_dev_webhook/manager_webhook_listen_patch.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: ingress-kong
+  name: ingress-kong
+  namespace: kong
+spec:
+  template:
+    spec:
+      containers:
+      - name: ingress-controller
+        env:
+        - name: CONTROLLER_ADMISSION_WEBHOOK_LISTEN
+          value: :8080
+        volumeMounts:
+        - mountPath: /admission-webhook
+          name: validation-webhook
+      volumes:
+      - name: validation-webhook
+        secret:
+          secretName: kong-validation-webhook

config/components/manager_dev_webhook/manager_webhook_secret.yaml

@@ -0,0 +1,10 @@
+# This file contains static certificate and key for KIC's admission webhook.
+# This is provided for ease of use and is not meant to be used in production.
+apiVersion: v1
+data:
+  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURWRENDQWp5Z0F3SUJBZ0lVTUw1UEVFakNkdkg1VjdrQjRueXIySVNISVFRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0t6RXBNQ2NHQTFVRUF3d2dhMjl1WnkxMllXeHBaR0YwYVc5dUxYZGxZbWh2YjJzdWEyOXVaeTV6ZG1NdwpIaGNOTWpNeE1URTFNVEl5TXpNeldoY05NalF4TVRFME1USXlNek16V2pBck1Ta3dKd1lEVlFRRERDQnJiMjVuCkxYWmhiR2xrWVhScGIyNHRkMlZpYUc5dmF5NXJiMjVuTG5OMll6Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFJbmc4VEdvL0ZGU3NoWitidWltY1Y1Vk9xMnYrT2xGRFFlMGVUSEp4Uk04QUtodAo0NmNTMkpQVjA1MFlLc3JzajN1M3EwMU1wZ3NzdENsS1ptWk0rYjhjcllyOUhhcE5GTmx1TUxCb1BDR1ZBcUcxCjBQVWJFTzRhUUxoeDhiQTJ4OFFYSkhLWEpzVVFqYzF3MkhmV2xPUXNJYzJBU3Vqd2t5TWJGcUNQNHRramhXWWEKU3VYNktOOXZ5RG1HZG5zWWc2dm02dEJmeWVkUWdMdmlXQ3FPN0VEMjJTd2tycFV1bWg2dzJWQ2FwTnlTQW82RAozT0QrWUFyT2p4ajF1L3g2N28xSXVnVVBFa25zakFmcTVGWGNEcWlYUldGU2tGOThVL1BEQ2V3RGp4WXgyWHhmCkJ3OFRnaW8zekhJaThOeStkQmpDOHRpQzBPVW4xcjNvREhDVytvOENBd0VBQWFOd01HNHdLd1lEVlIwUkJDUXcKSW9JZ2EyOXVaeTEyWVd4cFpHRjBhVzl1TFhkbFltaHZiMnN1YTI5dVp5NXpkbU13Q3dZRFZSMFBCQVFEQWdlQQpNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUIwR0ExVWREZ1FXQkJTWnF3dHFzZFVoZ3F2b2ViNnRmelN0Cm5FUk1EakFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWk83eDd3YU51TDZZRlFoT09pQUFJL2VGdGNqZGFEbisKcENqdWRtSEpUNllTK2l2NitWemVDMEZ2cmVqdGhlak1pV3orYTVLaUE2d2tZUXBvRzNYVkQ4azlCR25hMmFaSQpBaWtGT0MvM09uWHpwd0FZcFNNVTRIM3cvK0M1bGY3eVdoUE1jMExHNDRNMm96SHhhR21paDB6ZHpEcitObnF2CjJwdG8vVW9BelBXcVBrV2FnTUliRzVHSkFFZCtvaUthRU9xSVQ3R0lsbkhzQTI4STlBQThzMzNqL25XQ2VyY0sKZ3NqeWR5SVFmTVljY0c1L2E0T0FHeUFTcXd3TGo2Mys1TzB1V29JYzYwcy9aemZ3bkt0VDlLNmN5Ymh4T25ZZwpmVEhCdkx0emNxQjZZTldqUTk2ZFNmak4vVlkzLzZnaG5wYWVSSTNPWjVzWEU4MWpNSU9SNlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ0o0UEV4cVB4UlVySVcKZm03b3BuRmVWVHF0ci9qcFJRMEh0SGt4eWNVVFBBQ29iZU9uRXRpVDFkT2RHQ3JLN0k5N3Q2dE5US1lMTExRcApTbVptVFBtL0hLMksvUjJxVFJUWmJqQ3dhRHdobFFLaHRkRDFHeER1R2tDNGNmR3dOc2ZFRnlSeWx5YkZFSTNOCmNOaDMxcFRrTENITmdFcm84Sk1qR3hhZ2orTFpJNFZtR2tybCtpamZiOGc1aG5aN0dJT3I1dXJRWDhublVJQzcKNGxncWp1eEE5dGtzSks2Vkxwb2VzTmxRbXFUY2tnS09nOXpnL21BS3pvOFk5YnY4ZXU2TlNMb0ZEeEpKN0l3SAo2dVJWM0E2b2wwVmhVcEJmZkZQend3bnNBNDhXTWRsOFh3Y1BFNElxTjh4eUl2RGN2blFZd3ZMWWd0RGxKOWE5CjZBeHdsdnFQQWdNQkFBRUNnZ0VBQlRodTc5bzNoUmNrUnFpT2RIcWRwWFllcWFZVmNnRTdHbmd1UVBRa01lYlgKNXJ2ZzBjQnJoYWlqOUxsYTdXN1BJL2cvdXNhSCtoL3dML1drTW9QTXpwWFYvUnc1aUxnd2JiUHE5NSs5NitoagpjYmhvYXpYSWlvVDZ2NDNmVFdlNytwZFJ1aXFZSTh6TlFhOTVoZkdxTUZWNm92aEhrUVVjZHE4M1NFOEtYLzNqCmZCakFtbG5weVFLZEZKRFBZSTQwaFdkSlppd05HNnl1WVd0RjR2Zjk5Y3hHaHBreFhYZVRRZ2hTcGNVbFNrVzgKK2M0VVNxeU9rem10bFUxRzh1dzdIK0h0QmY4dlZwVDR5U1oxaHFEeWhBSkdxcDIrN1g2MTZDZmw0STYxckZEeQpZMG5ZdWxFTmsvNWhZSmllZkhFUlhRNE5aUGFLK3UyTW1EbkhDZGNpdVFLQmdRQytYZlZ1N1FsL2VCaWNyeXdQCnVDMmR5SjdiSUgwb1pDclhqUlRIS1JZTHZYajFtdTE5U0RjQVIzenAvL1UyWWpscW56SGc3VUJNVnlZWmxCN0oKb0ZMcGJwNnJIME9kK0llcisvZGl5MnBjTnZaMmZjVkdJTjZsZmk1T1FVWmJxOGt4K1NhRDZOcmJZeWQwL3JNWAp2NmppaEVldDQ0ZTVUTnljc2Vsa0xZRVl0UUtCZ1FDNWFrczA2YTRRTlM0NVRoMVZCU2NwSEdUdFkxbXkyaU9jCnl0bEdmbXV0ekNqSWwzU1BkMEJjeVFlVnpCamo5cGtoVVpKRXEyQXdmTVIxTmlNZTAwRktpak55SWRaZ1RvNVAKaEZmV3hNOE1mamNvSTlMMFhSdTdQc2NqS0svNHV6VWtjZUtTY1VtNTY3Rk9mNWNsZmh1WDF3WGhWalpneTVpVworNWdQa254a3N3S0JnUUM4eTZweGpKdnkwMFIxZ0RVT2tmYUxtVUFTeWpIV01TRmNEUXNpU2RrWFk1M20xdlBaCllCbE1LWm4wNkdoa3V4MStaTXV1Nnh6dG1UQ3NCWDVUTUxHSjJLOTd2dEhzaFdMb2FrZDZyNHFZVWRvMHdaODQKWWJqdUlDb0VhakJCRWluRGFmbU1zUTc4cldXZ1hrbDNzQmpxTFk1NUlrS2t2MW03L2FZZU9CTGtVUUtCZ0VoQwpnWjdVZDA2L3V3MEFRWFF4OXVvUnM4L0VTVi9ubmJ0c1hyTVhiOVdpM0Q0WXNJZDgvU3RyK1RYSy9lUlI1YW5UCmhZS1htM3dxRTlKdVQ4K2lteTUybjhnYUlkY1VwbWVjOXpLdkx0WDZsbnBoUThTU1NNMTNrTnBGOEJhcXR2SkcKSS92WWhOZ2RYOU5zN0RYamFOT0xMREoraStDN1YvTjNoL0tCcjFMN0FvR0FEbzBMVC9XRWhZTnRuWnQrdkFlNwo3SEw0Y3ZrTXlBR3pPdEtSQmNna2kxQTNYWHpBUndUWkNxR2lXeDNTMXRqdURURmxHUzRONDJjdDN1VVRmRVpSCjZCZ2MzU1RqVGMvalNFbzFuZis0SnhlanJFWHFHV1dyOWJEY3pmUFcxS1lwdDF3UktHcXh3MUdUazBqL0FxZTUKMjltbFMzYlJ6T0c1NlBPZThCSWYrMjA9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+kind: Secret
+metadata:
+  name: kong-validation-webhook
+type: kubernetes.io/tls

config/components/manager_dev_webhook/validating_webhook_configuration.yaml

@@ -0,0 +1,65 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: kong-controller-validations
+webhooks:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
+    service:
+      name: kong-controller-validation-webhook
+      namespace: kong
+      port: 443
+  failurePolicy: Ignore
+  matchPolicy: Equivalent
+  name: validations.kong.konghq.com
+  rules:
+  - apiGroups:
+    - configuration.konghq.com
+    apiVersions:
+    - '*'
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - kongconsumers
+    - kongplugins
+    - kongclusterplugins
+    - kongingresses
+    scope: '*'
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - secrets
+    - services
+    scope: '*'
+  - apiGroups:
+    - networking.k8s.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - ingresses
+    scope: '*'
+  - apiGroups:
+    - gateway.networking.k8s.io
+    apiVersions:
+    - v1alpha2
+    - v1beta1
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - gateways
+    - httproutes
+    scope: '*'
+  sideEffects: None
+  timeoutSeconds: 10

config/variants/multi-gw-postgres/dev/kustomization.yaml

@@ -6,6 +6,9 @@ namespace: kong
 resources:
 - ../base/
 
+components:
+- ../../../components/manager_dev_webhook
+
 patches:
 - patch: |-
     apiVersion: apps/v1

config/variants/multi-gw/dev/kustomization.yaml

@@ -6,5 +6,8 @@ namespace: kong
 resources:
 - ../base/
 
-patchesStrategicMerge:
-- manager.yaml
+components:
+- ../../../components/manager_dev_webhook
+
+patches:
+- path: manager.yaml