https://github.com/krateoplatformops/finops-webhook-template-chart

https://github.com/krateoplatformops/finops-webhook-template-chart

finops

Last synced: 26 days ago
JSON representation

• Host: GitHub
• URL: https://github.com/krateoplatformops/finops-webhook-template-chart
• Owner: krateoplatformops
• License: apache-2.0
• Created: 2025-05-16T13:27:42.000Z (5 months ago)
• Default Branch: main
• Last Pushed: 2025-06-04T15:03:39.000Z (4 months ago)
• Last Synced: 2025-07-24T08:03:20.125Z (2 months ago)
• Topics: finops
• Language: Smarty
• Homepage:
• Size: 25.4 KB
• Stars: 0
• Watchers: 4
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# FinOps Webhook Template Chart

This chart is a template that can be imported into a composition chart to include the webhook for the FinOps optimization components. See the composition definition [krateo-v2-template-finops-example-pricing-vm-azure](https://github.com/krateoplatformops/krateo-v2-template-finops-example-pricing-vm-azure) for more details.

## Usage

Include the chart as a dependency, then configure the webhook through the following fields in the values file:

```yaml

# Webhook configuration, the certificare and the service should match the OPA install

# Default values match the krateo-installer

webhook:

  fullnameOverride: mutating-webhook-finopsexamplepricingvmazures

  # To set annotations on all admissionController resources (Secret/Certificate/Issuer/AdmissionController)

  # annotations:

  #   example: value

  # Adds a namespace selector to the admission controller webhook

  namespaceSelector:

    matchExpressions:

    - key: openpolicyagent.org/webhook

      operator: NotIn

      values: 

        - ignore

  # SideEffectClass for the webhook, setting to NoneOnDryRun enables dry-run.

  # Only None and NoneOnDryRun are permitted for admissionregistration.k8s.io/v1.

  sideEffect: None

  useHttps: true

  generatedCerts: true # If this is set to true, the chart will look for the certsSecretRef secret

  # The webhook lookup will look for the field "caBundle"

  certsSecretRef:

    name: opa-kube-mgmt-cert

    namespace: opa-system

  # Otherwise it will use the CA Bundle specified in CA

  CA: ""

  service:

    name: opa-kube-mgmt

    namespace: opa-system

    port: 8181

```

This webhook relies on the certificates created by the [opa-chart](https://github.com/krateoplatformops/opa-chart). If you have external certificates, configure the `certsSecretRef`.