certificate overhaul

k8s/admission.yaml

@@ -0,0 +1,19 @@
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: deployment-validation
+webhooks:
+  - name: deployment-validation.default.svc
+    clientConfig:
+      service:
+        name: admission-server
+        namespace: default
+        path: "/validate/deployments"
+      caBundle: "${CA_BUNDLE}"
+    rules:
+      - operations: ["CREATE","DELETE"]
+        apiGroups: ["apps"]
+        apiVersions: ["v1"]
+        resources: ["deployments"]
+    failurePolicy: Ignore