From 2bdbac3e150167d0625c4e8b56635742f65d825b Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Wed, 9 Sep 2020 13:15:35 -0500
Subject: [PATCH] Move the ytt webhook config out into the CRD.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 deploy/deployment.yaml |  3 ---
 deploy/webhook.yaml    | 16 ++++++++++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 deploy/webhook.yaml

diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
index 28acfcde..03d56e0e 100644
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -29,9 +29,6 @@ data:
   pinniped.yaml: |
     discovery:
       url: (@= data.values.discovery_url or "null" @)
-    webhook:
-      url: (@= data.values.webhook_url @)
-      caBundle: (@= data.values.webhook_ca_bundle @)
     api:
       servingCertificate:
         durationSeconds: (@= str(data.values.api_serving_certificate_duration_seconds) @)
diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml
new file mode 100644
index 00000000..27a57def
--- /dev/null
+++ b/deploy/webhook.yaml
@@ -0,0 +1,16 @@
+#! Copyright 2020 VMware, Inc.
+#! SPDX-License-Identifier: Apache-2.0
+
+#@ load("@ytt:data", "data")
+
+apiVersion: idp.pinniped.dev/v1alpha1
+kind: WebhookIdentityProvider
+metadata:
+  name: #@ data.values.app_name + "-webhook"
+  namespace: #@ data.values.namespace
+  labels:
+    app: #@ data.values.app_name
+spec:
+  endpoint: #@ data.values.webhook_url
+  tls:
+    certificateAuthorityData: #@ data.values.webhook_ca_bundle