From ebacbbb0ebf48a76cb5f2c743c6b8d8b638f382e Mon Sep 17 00:00:00 2001
From: Nicolas Degory <nicolas.degory@gmail.com>
Date: Tue, 21 Mar 2023 10:35:50 -0700
Subject: [PATCH] feat: annotations for the validating webhook configuration

Signed-off-by: Nicolas Degory <nicolas.degory@gmail.com>
---
 stable/anchore-admission-controller/ci/fake-values.yaml    | 6 ++++++
 stable/anchore-admission-controller/templates/webhook.yaml | 3 +++
 stable/anchore-admission-controller/values.yaml            | 1 +
 3 files changed, 10 insertions(+)

diff --git a/stable/anchore-admission-controller/ci/fake-values.yaml b/stable/anchore-admission-controller/ci/fake-values.yaml
index 3d1c6db8..4da60fb0 100644
--- a/stable/anchore-admission-controller/ci/fake-values.yaml
+++ b/stable/anchore-admission-controller/ci/fake-values.yaml
@@ -1,3 +1,9 @@
+---
+apiService:
+  webhook:
+    annotations:
+      cert-manager.io/inject-ca-from: anchore/webhook-certificate
+      kustomize.toolkit.fluxcd.io/ssa: merge
 credentials:
   users:
   - username: user1
diff --git a/stable/anchore-admission-controller/templates/webhook.yaml b/stable/anchore-admission-controller/templates/webhook.yaml
index 10260308..dc4536d5 100644
--- a/stable/anchore-admission-controller/templates/webhook.yaml
+++ b/stable/anchore-admission-controller/templates/webhook.yaml
@@ -4,6 +4,9 @@ kind: ValidatingWebhookConfiguration
 metadata:
   name: {{ template "anchore-admission-controller.name" . }}-admission.anchore.io
   labels: {{- include "anchore-admission-controller.labels" . | nindent 4 }}
+  {{- with .Values.apiService.webhook.annotations }}
+  annotations: {{ toYaml . | nindent 4 }}
+  {{- end }}
 webhooks:
 - name: {{ template "anchore-admission-controller.name" . }}-admission.anchore.io
   clientConfig:
diff --git a/stable/anchore-admission-controller/values.yaml b/stable/anchore-admission-controller/values.yaml
index 3d1ca196..2b37c651 100644
--- a/stable/anchore-admission-controller/values.yaml
+++ b/stable/anchore-admission-controller/values.yaml
@@ -48,6 +48,7 @@ apiService:
       - key: exclude.admission.anchore.io
         operator: NotIn
         values: ["true"]
+  annotations: {}
 
 anchoreEndpoint: ""
 policySelectors: