From 1b356361c71ded5d9c4c3d8b447ca74231af5df1 Mon Sep 17 00:00:00 2001 From: Arjun Naik Date: Thu, 14 Dec 2023 14:39:15 +0100 Subject: [PATCH] [stable/field-exporter] add validating webhook configuration --- stable/field-exporter/README.md | 57 ++++--- .../field-exporter/templates/deployment.yaml | 21 ++- .../templates/leader-election-rbac.yaml | 2 +- .../templates/manager-rbac.yaml | 16 +- .../templates/metrics-reader-rbac.yaml | 14 ++ .../templates/metrics-service.yaml | 17 ++ .../field-exporter/templates/proxy-rbac.yaml | 40 +++++ .../templates/resourcefieldexport-crd.yaml | 152 ++++++++++++++++++ .../templates/selfsigned-issuer.yaml | 8 + .../templates/serviceaccount.yaml | 2 +- .../templates/serving-cert.yaml | 16 ++ .../validating-webhook-configuration.yaml | 29 ++++ .../templates/webhook-service.yaml | 16 ++ stable/field-exporter/values.yaml | 11 +- 14 files changed, 357 insertions(+), 44 deletions(-) create mode 100644 stable/field-exporter/templates/metrics-reader-rbac.yaml create mode 100644 stable/field-exporter/templates/metrics-service.yaml create mode 100644 stable/field-exporter/templates/proxy-rbac.yaml create mode 100644 stable/field-exporter/templates/resourcefieldexport-crd.yaml create mode 100644 stable/field-exporter/templates/selfsigned-issuer.yaml create mode 100644 stable/field-exporter/templates/serving-cert.yaml create mode 100644 stable/field-exporter/templates/validating-webhook-configuration.yaml create mode 100644 stable/field-exporter/templates/webhook-service.yaml diff --git a/stable/field-exporter/README.md b/stable/field-exporter/README.md index b8dc004a..9e57b502 100644 --- a/stable/field-exporter/README.md +++ b/stable/field-exporter/README.md 
@@ -2,7 +2,9 @@ ![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.1.0](https://img.shields.io/badge/AppVersion-v1.1.0-informational?style=flat-square) -A chart to install [field-exporter](https://github.com/deliveryhero/field-exporter). This controller is used to fill the gap in [k8s-config-connector](https://github.com/GoogleCloudPlatform/k8s-config-connector) for exporting value from Config Connector managed resources into Secrets and ConfigMaps. +A chart to install [field-exporter](https://github.com/deliveryhero/field-exporter). This controller is used to fill the +gap in [k8s-config-connector](https://github.com/GoogleCloudPlatform/k8s-config-connector) for exporting value from +Config Connector managed resources into Secrets and ConfigMaps. **Homepage:** 
@@ -44,32 +46,35 @@ helm install my-release deliveryhero/field-exporter -f values.yaml ## Values -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| controllerManager.manager.args[0] | string | `"--health-probe-bind-address=:8081"` | | -| controllerManager.manager.args[1] | string | `"--metrics-bind-address=127.0.0.1:8080"` | | -| controllerManager.manager.args[2] | string | `"--leader-elect"` | | -| controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | -| controllerManager.manager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | -| controllerManager.manager.image.repository | string | `"europe-docker.pkg.dev/dp-common-infra-5780/developer-platform-public/deliveryhero/field-exporter"` | | -| controllerManager.manager.image.tag | string | `"v1.1.0"` | | -| controllerManager.manager.resources.limits.cpu | string | `"500m"` | | -| controllerManager.manager.resources.limits.memory | string | `"128Mi"` | | -| controllerManager.manager.resources.requests.cpu | string | `"10m"` | | -| controllerManager.manager.resources.requests.memory | string | `"128Mi"` | | -| controllerManager.podLabels | object | `{}` | | -| controllerManager.replicas | int | `1` | | -| controllerManager.serviceAccount.annotations | object | `{}` | | -| kubernetesClusterDomain | string | `"cluster.local"` | | -| metricsService.ports[0].name | string | `"https"` | | -| metricsService.ports[0].port | int | `8443` | | -| metricsService.ports[0].protocol | string | `"TCP"` | | -| metricsService.ports[0].targetPort | string | `"https"` | | -| metricsService.type | string | `"ClusterIP"` | | +| Key | Type | Default | Description | +|-----------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------|-------------| +| controllerManager.manager.args[0] | string | `"--leader-elect"` | | +| 
controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation | bool | `false` | | +| controllerManager.manager.containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| controllerManager.manager.image.repository | string | `"europe-docker.pkg.dev/dp-common-infra-5780/developer-platform-public/deliveryhero/field-exporter"` | | +| controllerManager.manager.image.tag | string | `"v1.1.0"` | | +| controllerManager.manager.resources.limits.cpu | string | `"500m"` | | +| controllerManager.manager.resources.limits.memory | string | `"128Mi"` | | +| controllerManager.manager.resources.requests.cpu | string | `"10m"` | | +| controllerManager.manager.resources.requests.memory | string | `"128Mi"` | | +| controllerManager.podLabels | object | `{}` | | +| controllerManager.replicas | int | `1` | | +| controllerManager.serviceAccount.annotations | object | `{}` | | +| kubernetesClusterDomain | string | `"cluster.local"` | | +| metricsService.ports[0].name | string | `"https"` | | +| metricsService.ports[0].port | int | `8443` | | +| metricsService.ports[0].protocol | string | `"TCP"` | | +| metricsService.ports[0].targetPort | string | `"https"` | | +| metricsService.type | string | `"ClusterIP"` | | +| webhookService.ports[0].name | string | `"https"` | | +| webhookService.ports[0].port | int | `443` | | +| webhookService.ports[0].protocol | string | `"TCP"` | | +| webhookService.ports[0].targetPort | string | `"https"` | | +| webhookService.type | string | `"ClusterIP"` | | ## Maintainers -| Name | Email | Url | -| ---- | ------ | --- | -| vzholudev | | | +| Name | Email | Url | +|------------|-----------------------------|---------------------------------| +| vzholudev | | | | mtahaahmed | | | diff --git a/stable/field-exporter/templates/deployment.yaml b/stable/field-exporter/templates/deployment.yaml index 6695faf4..9677a0b9 100644 --- a/stable/field-exporter/templates/deployment.yaml +++ b/stable/field-exporter/templates/deployment.yaml 
@@ -15,9 +15,6 @@ spec: labels: control-plane: controller-manager {{- include "field-exporter.selectorLabels" . | nindent 8 }} - {{- if .Values.controllerManager.podLabels }} -{{ toYaml .Values.controllerManager.podLabels | indent 8 }} - {{- end }} annotations: kubectl.kubernetes.io/default-container: manager spec: @@ -28,7 +25,10 @@ spec: env: - name: KUBERNETES_CLUSTER_DOMAIN value: {{ quote .Values.kubernetesClusterDomain }} - image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }} + - name: ENABLE_WEBHOOKS + value: "true" + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag + | default .Chart.AppVersion }} livenessProbe: httpGet: path: /healthz @@ -36,6 +36,10 @@ spec: initialDelaySeconds: 15 periodSeconds: 20 name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP readinessProbe: httpGet: path: /readyz @@ -46,7 +50,16 @@ spec: }} securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 10 }} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true securityContext: runAsNonRoot: true serviceAccountName: {{ include "field-exporter.fullname" . }}-controller-manager terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert diff --git a/stable/field-exporter/templates/leader-election-rbac.yaml b/stable/field-exporter/templates/leader-election-rbac.yaml index d8a90a9d..a2be2226 100644 --- a/stable/field-exporter/templates/leader-election-rbac.yaml +++ b/stable/field-exporter/templates/leader-election-rbac.yaml @@ -53,4 +53,4 @@ roleRef: subjects: - kind: ServiceAccount name: '{{ include "field-exporter.fullname" . }}-controller-manager' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file 
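Review bot: `ENABLE_WEBHOOKS` is hard-wired to `"true"` and the `cert` volume mounts a Secret with the fixed name `webhook-server-cert`, so the Deployment now cannot start without cert-manager having issued that Secret, yet nothing in the chart (README hunk included) states cert-manager as a prerequisite and nothing lets an operator disable the webhook. Add the dependency to the README and consider a values switch that guards the env var, the volume and the webhook templates together, e.g. `{{- if .Values.webhook.enabled }}`, defaulting to true. The Secret name should also be release-scoped, matching whatever the Certificate template uses, e.g. `secretName: {{ include "field-exporter.fullname" . }}-webhook-server-cert`, so two releases in one namespace do not mount each other's certificate. The `image:` line is now split across two lines inside one `{{ }}` action; that only parses on Helm builds whose Go template engine accepts newlines inside actions, so pin a minimum Helm version if older clients are still in use. The Deployment spec continues outside the hunk.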
diff --git a/stable/field-exporter/templates/manager-rbac.yaml b/stable/field-exporter/templates/manager-rbac.yaml index 11cf1c28..1ea6f246 100644 --- a/stable/field-exporter/templates/manager-rbac.yaml +++ b/stable/field-exporter/templates/manager-rbac.yaml @@ -6,23 +6,23 @@ metadata: {{- include "field-exporter.labels" . | nindent 4 }} rules: - apiGroups: - - "" + - alloydb.cnrm.cloud.google.com resources: - - configmaps - - secrets + - '*' verbs: - get - list - - patch - - update - watch - apiGroups: - - alloydb.cnrm.cloud.google.com + - "" resources: - - '*' + - configmaps + - secrets verbs: - get - list + - patch + - update - watch - apiGroups: - gdp.deliveryhero.io @@ -99,4 +99,4 @@ roleRef: subjects: - kind: ServiceAccount name: '{{ include "field-exporter.fullname" . }}-controller-manager' - namespace: '{{ .Release.Namespace }}' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/stable/field-exporter/templates/metrics-reader-rbac.yaml b/stable/field-exporter/templates/metrics-reader-rbac.yaml new file mode 100644 index 00000000..df10ebbf --- /dev/null +++ b/stable/field-exporter/templates/metrics-reader-rbac.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "field-exporter.fullname" . }}-metrics-reader + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: field-exporter + app.kubernetes.io/part-of: field-exporter + {{- include "field-exporter.labels" . | nindent 4 }} +rules: +- nonResourceURLs: + - /metrics + verbs: + - get \ No newline at end of file diff --git a/stable/field-exporter/templates/metrics-service.yaml b/stable/field-exporter/templates/metrics-service.yaml new file mode 100644 index 00000000..1068a106 --- /dev/null +++ b/stable/field-exporter/templates/metrics-service.yaml 
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "field-exporter.fullname" . }}-controller-manager-metrics-service
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: field-exporter
+ app.kubernetes.io/part-of: field-exporter
+ control-plane: controller-manager
+ {{- include "field-exporter.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.metricsService.type }}
+ selector:
+ control-plane: controller-manager
+ {{- include "field-exporter.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.metricsService.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/stable/field-exporter/templates/proxy-rbac.yaml b/stable/field-exporter/templates/proxy-rbac.yaml
new file mode 100644
index 00000000..5477f827
--- /dev/null
+++ b/stable/field-exporter/templates/proxy-rbac.yaml
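Review bot: This Service targets a container port named `https` and is labelled `app.kubernetes.io/component: kube-rbac-proxy`, but the deployment hunk in this patch exposes only the `manager` container's `webhook-server` port on 9443 and adds no proxy sidecar; unless the rest of the Deployment (not visible here) already runs kube-rbac-proxy with a port named `https`, the Service has no endpoint and scraping fails silently. If there is no sidecar, either add one or drop this Service together with the proxy and metrics-reader roles. Note the same patch removes `--metrics-bind-address=127.0.0.1:8080` from values.yaml, so the manager's own metrics listener is now at the binary's default address rather than loopback; a comment at the top of this template stating which process actually serves `/metrics` and on which address would make the intended topology explicit.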
@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "field-exporter.fullname" . }}-proxy-role
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: field-exporter
+ app.kubernetes.io/part-of: field-exporter
+ {{- include "field-exporter.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "field-exporter.fullname" . }}-proxy-rolebinding
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: field-exporter
+ app.kubernetes.io/part-of: field-exporter
+ {{- include "field-exporter.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "field-exporter.fullname" . }}-proxy-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "field-exporter.fullname" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/stable/field-exporter/templates/resourcefieldexport-crd.yaml b/stable/field-exporter/templates/resourcefieldexport-crd.yaml
new file mode 100644
index 00000000..9d42206b
--- /dev/null
+++ b/stable/field-exporter/templates/resourcefieldexport-crd.yaml
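Review bot: The ClusterRoleBinding gives the controller-manager ServiceAccount cluster-wide `create` on `tokenreviews` and `subjectaccessreviews`, permissions that only a kube-rbac-proxy sidecar needs to authenticate and authorize `/metrics` scrapers, and the deployment hunk in this patch adds no such container. If the sidecar is absent from the rest of the Deployment, this is unused privilege — the SA could validate arbitrary bearer tokens and probe authorization for any subject — and both objects should be removed or gated, e.g. wrapping the file in `{{- if .Values.kubeRbacProxy.enabled }}` with a default of false. If the sidecar is present, keep the binding but record the reason above `rules:`: `# Required by the kube-rbac-proxy sidecar: TokenReview authenticates and SubjectAccessReview authorizes /metrics clients`.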
@@ -0,0 +1,152 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: resourcefieldexports.gdp.deliveryhero.io + annotations: + cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ include "field-exporter.fullname" + . }}-serving-cert' + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + {{- include "field-exporter.labels" . | nindent 4 }} +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: '{{ include "field-exporter.fullname" . }}-webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /convert + conversionReviewVersions: + - v1 + group: gdp.deliveryhero.io + names: + kind: ResourceFieldExport + listKind: ResourceFieldExportList + plural: resourcefieldexports + singular: resourcefieldexport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ResourceFieldExport is the Schema for the resourcefieldexports + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ResourceFieldExportSpec defines the desired state of ResourceFieldExport + properties: + from: + properties: + apiVersion: + description: APIVersion is the group version of the resource + pattern: ^([a-zA-Z0-9.-]+[a-zA-Z0-9-]\/[a-zA-Z0-9]+|[a-zA-Z0-9]+)$ + type: string + kind: + type: string + name: + type: string + required: + - apiVersion + - kind + - name + type: object + outputs: + items: + properties: + key: + type: string + path: + type: string + required: + - key + - path + type: object + type: array + requiredFields: + properties: + statusConditions: + items: + properties: + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + type: object + to: + description: DestinationRef is where the fields should be written. + properties: + name: + type: string + type: + description: DestinationType is a ConfigMap or a Secret + enum: + - ConfigMap + - Secret + type: string + required: + - name + - type + type: object + required: + - from + - outputs + - to + type: object + status: + description: ResourceFieldExportStatus defines the observed state of ResourceFieldExport + properties: + conditions: + items: + properties: + lastTransitionTime: + description: The last time the condition transitioned from one + status to another. + format: date-time + type: string + message: + description: A human-readable message indicating details about + the transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. 
+ type: string + type: + description: Type is the type of the Condition + type: string + required: + - status + - type + type: object + type: array + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] \ No newline at end of file diff --git a/stable/field-exporter/templates/selfsigned-issuer.yaml b/stable/field-exporter/templates/selfsigned-issuer.yaml new file mode 100644 index 00000000..57cdbd93 --- /dev/null +++ b/stable/field-exporter/templates/selfsigned-issuer.yaml @@ -0,0 +1,8 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ include "field-exporter.fullname" . }}-selfsigned-issuer + labels: + {{- include "field-exporter.labels" . | nindent 4 }} +spec: + selfSigned: {} \ No newline at end of file diff --git a/stable/field-exporter/templates/serviceaccount.yaml b/stable/field-exporter/templates/serviceaccount.yaml index 8568c0e2..30771a32 100644 --- a/stable/field-exporter/templates/serviceaccount.yaml +++ b/stable/field-exporter/templates/serviceaccount.yaml @@ -5,4 +5,4 @@ metadata: labels: {{- include "field-exporter.labels" . | nindent 4 }} annotations: - {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} + {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }} \ No newline at end of file diff --git a/stable/field-exporter/templates/serving-cert.yaml b/stable/field-exporter/templates/serving-cert.yaml new file mode 100644 index 00000000..c0777aec --- /dev/null +++ b/stable/field-exporter/templates/serving-cert.yaml 
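Review bot: The CRD is rendered from `templates/`, so Helm manages it like any other release resource: `helm uninstall` deletes `resourcefieldexports.gdp.deliveryhero.io` and the API server then garbage-collects every ResourceFieldExport object in the cluster. Either move the definition to the chart's `crds/` directory (which loses templating, so the `cert-manager.io/inject-ca-from` annotation would need to be applied some other way) or add `helm.sh/resource-policy: keep` under `metadata.annotations` so the CRD survives uninstall. Separately, `conversion.strategy: Webhook` with `path: /convert` is declared although only `v1alpha1` is served and stored; conversion is never invoked with a single version, so this is inert today, but a comment above `conversion:` such as `# Conversion webhook is unused until a second API version is served` would stop a reader from assuming the manager must already handle /convert. This hunk begins earlier on the page.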
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "field-exporter.fullname" . }}-serving-cert
+ labels:
+ {{- include "field-exporter.labels" . | nindent 4 }}
+spec:
+ dnsNames:
+ - '{{ include "field-exporter.fullname" . }}-webhook-service.{{ .Release.Namespace
+ }}.svc'
+ - '{{ include "field-exporter.fullname" . }}-webhook-service.{{ .Release.Namespace
+ }}.svc.{{ .Values.kubernetesClusterDomain }}'
+ issuerRef:
+ kind: Issuer
+ name: '{{ include "field-exporter.fullname" . }}-selfsigned-issuer'
+ secretName: webhook-server-cert
\ No newline at end of file
diff --git a/stable/field-exporter/templates/validating-webhook-configuration.yaml b/stable/field-exporter/templates/validating-webhook-configuration.yaml
new file mode 100644
index 00000000..d5f2ba4c
--- /dev/null
+++ b/stable/field-exporter/templates/validating-webhook-configuration.yaml
@@ -0,0 +1,29 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ include "field-exporter.fullname" . }}-validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "field-exporter.fullname" . }}-serving-cert
+ labels:
+ {{- include "field-exporter.labels" . | nindent 4 }}
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: '{{ include "field-exporter.fullname" . }}-webhook-service'
+ namespace: '{{ .Release.Namespace }}'
+ path: /validate-gdp-deliveryhero-io-v1alpha1-resourcefieldexport
+ failurePolicy: Fail
+ name: vresourcefieldexport.kb.io
+ rules:
+ - apiGroups:
+ - gdp.deliveryhero.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - resourcefieldexports
+ sideEffects: None
\ No newline at end of file
diff --git a/stable/field-exporter/templates/webhook-service.yaml b/stable/field-exporter/templates/webhook-service.yaml
new file mode 100644
index 00000000..ad3ddbfa
--- /dev/null
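Review bot: `secretName: webhook-server-cert` is a fixed name while every other object in this file is prefixed with the release fullname, so two releases of this chart in one namespace — or any other kubebuilder-derived chart that kept the same default — would write the same Secret and the Deployment's `cert` volume could end up serving a different release's certificate. Make it release-scoped here and in the Deployment volume, `secretName: '{{ include "field-exporter.fullname" . }}-webhook-server-cert'`. The self-signed Issuer is appropriate for a webhook serving certificate because the API server trusts it only through the `caBundle` that cert-manager injects from this Certificate, not through any public chain; a comment above `issuerRef:` saying exactly that, `# Self-signed is sufficient: trust is established via cert-manager CA injection into the webhook/CRD caBundle`, records the intent for whoever next considers swapping in a cluster CA.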
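Review bot: `failurePolicy: Fail` is the right fail-closed choice for a webhook that only guards the chart's own CRD, but it is paired with no `timeoutSeconds` and a default of one manager replica, so every manager restart or rollout rejects all CREATE/UPDATE of ResourceFieldExport until the pod is ready; that trade-off should be stated, e.g. above `failurePolicy: Fail` add `# Fail-closed: while the manager is unavailable, ResourceFieldExport writes are rejected`. If operators need to relax it, expose it as a value with Fail kept as the default, `failurePolicy: {{ .Values.webhook.failurePolicy | default "Fail" }}`. `sideEffects: None` is a promise that the handler at `/validate-gdp-deliveryhero-io-v1alpha1-resourcefieldexport` makes no out-of-band changes, including on dry-run requests; that cannot be verified from the chart, so confirm it against the controller's handler before relying on it.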
+++ b/stable/field-exporter/templates/webhook-service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "field-exporter.fullname" . }}-webhook-service + labels: + app.kubernetes.io/component: webhook + app.kubernetes.io/created-by: field-exporter + app.kubernetes.io/part-of: field-exporter + {{- include "field-exporter.labels" . | nindent 4 }} +spec: + type: {{ .Values.webhookService.type }} + selector: + control-plane: controller-manager + {{- include "field-exporter.selectorLabels" . | nindent 4 }} + ports: + {{- .Values.webhookService.ports | toYaml | nindent 2 -}} \ No newline at end of file diff --git a/stable/field-exporter/values.yaml b/stable/field-exporter/values.yaml index 05c06ea7..af62ce40 100644 --- a/stable/field-exporter/values.yaml +++ b/stable/field-exporter/values.yaml @@ -1,8 +1,6 @@ controllerManager: manager: args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - --leader-elect containerSecurityContext: allowPrivilegeEscalation: false @@ -11,7 +9,7 @@ controllerManager: - ALL image: repository: europe-docker.pkg.dev/dp-common-infra-5780/developer-platform-public/deliveryhero/field-exporter - tag: v1.1.0 + tag: v1.3.0 resources: limits: cpu: 500m @@ -22,7 +20,6 @@ controllerManager: replicas: 1 serviceAccount: annotations: {} - podLabels: {} kubernetesClusterDomain: cluster.local metricsService: ports: @@ -31,3 +28,9 @@ metricsService: protocol: TCP targetPort: https type: ClusterIP +webhookService: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + type: ClusterIP
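Review bot: The README table in this patch documents `webhookService.ports[0].targetPort` as `"https"` while values.yaml sets `targetPort: 9443` and the manager container names its port `webhook-server`; a user who copies the README default gets a Service whose target resolves to nothing, and with `failurePolicy: Fail` every ResourceFieldExport write is then rejected. The README also still lists `controllerManager.manager.image.tag` as `v1.1.0` although this hunk bumps it to `v1.3.0`, and Chart.yaml is not in the diffstat, so the chart version stays at 1.1.0 despite new CRD, webhook and RBAC resources — regenerate the README from values.yaml and bump the chart version. Removing `--health-probe-bind-address=:8081` and `--metrics-bind-address=127.0.0.1:8080` moves both listeners to the binary's compiled-in defaults, which I cannot confirm match the probe port or a loopback-only metrics bind; keep the explicit args or add above `args:` a comment such as `# Probe and metrics bind addresses rely on field-exporter's built-in defaults; verify on image upgrades`. Dropping `podLabels` is a silent break for users who set it and belongs in the chart changelog.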