feat: add webhook timeout values

Signed-off-by: falcorocks <[email protected]>
sigstore · Jan 20, 2025 · e3ef902 · e3ef902
1 parent fde45bd
commit e3ef902
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 6 deletions.
diff --git a/charts/policy-controller/Chart.yaml b/charts/policy-controller/Chart.yaml
@@ -8,7 +8,7 @@ sources:
 type: application
 
 name: policy-controller
-version: 0.8.1
+version: 0.9.0
 appVersion: 0.11.0
 
 maintainers:

diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md
@@ -2,7 +2,7 @@
 
 <!-- This README.md is generated. Please edit README.md.gotmpl -->
 
-![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
+![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.11.0](https://img.shields.io/badge/AppVersion-0.11.0-informational?style=flat-square)
 
 The Helm chart for Policy  Controller
 
@@ -153,6 +153,8 @@ helm uninstall [RELEASE_NAME]
 | commonNodeSelector | object | `{}` |  |
 | commonTolerations | list | `[]` |  |
 | cosign.cosignPub | string | `""` |  |
+| cosign.timeoutSeconds.mutating | int | `10` |  |
+| cosign.timeoutSeconds.validating | int | `10` |  |
 | cosign.webhookName | string | `"policy.sigstore.dev"` |  |
 | imagePullSecrets | list | `[]` |  |
 | installCRDs | bool | `true` |  |
@@ -200,3 +202,5 @@ helm uninstall [RELEASE_NAME]
 | webhook.volumes | list | `[]` |  |
 | webhook.webhookNames.defaulting | string | `"defaulting.clusterimagepolicy.sigstore.dev"` |  |
 | webhook.webhookNames.validating | string | `"validating.clusterimagepolicy.sigstore.dev"` |  |
+| webhook.webhookTimeoutSeconds.defaulting | int | `10` |  |
+| webhook.webhookTimeoutSeconds.validating | int | `10` |  |
diff --git a/charts/policy-controller/templates/webhook/policy_webhook_configurations.yaml b/charts/policy-controller/templates/webhook/policy_webhook_configurations.yaml
@@ -28,6 +28,7 @@ webhooks:
     matchPolicy: Equivalent
     name: {{ required "A valid webhook.webhookNames.defaulting is required" .Values.webhook.webhookNames.defaulting }}
     sideEffects: None
+    timeoutSeconds: {{ .Values.webhook.webhookTimeoutSeconds.defaulting }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -44,3 +45,4 @@ webhooks:
     matchPolicy: Equivalent
     name: {{ required "A valid webhook.webhookNames.validating is required" .Values.webhook.webhookNames.validating }}
     sideEffects: None
+    timeoutSeconds: {{ .Values.webhook.webhookTimeoutSeconds.validating }}
diff --git a/charts/policy-controller/templates/webhook/webhook_mutating.yaml b/charts/policy-controller/templates/webhook/webhook_mutating.yaml
@@ -14,3 +14,4 @@ webhooks:
   failurePolicy: {{ .Values.webhook.failurePolicy }}
   sideEffects: None
   reinvocationPolicy: IfNeeded
+  timeoutSeconds: {{ .Values.cosign.timeoutSeconds.mutating }}
diff --git a/charts/policy-controller/templates/webhook/webhook_validating.yaml b/charts/policy-controller/templates/webhook/webhook_validating.yaml
@@ -13,3 +13,4 @@ webhooks:
       namespace: {{ .Release.Namespace }}
   failurePolicy: {{ .Values.webhook.failurePolicy }}
   sideEffects: None
+  timeoutSeconds: {{ .Values.cosign.timeoutSeconds.validating }}
diff --git a/charts/policy-controller/values.schema.json b/charts/policy-controller/values.schema.json
@@ -35,6 +35,29 @@
           "title": "cosignPub",
           "type": "string"
         },
+        "timeoutSeconds": {
+          "additionalProperties": false,
+          "properties": {
+            "mutating": {
+              "default": 10,
+              "required": [],
+              "title": "mutating",
+              "type": "integer"
+            },
+            "validating": {
+              "default": 10,
+              "required": [],
+              "title": "validating",
+              "type": "integer"
+            }
+          },
+          "required": [
+            "mutating",
+            "validating"
+          ],
+          "title": "timeoutSeconds",
+          "type": "object"
+        },
         "webhookName": {
           "default": "policy.sigstore.dev",
           "required": [],
@@ -44,7 +67,8 @@
       },
       "required": [
         "cosignPub",
-        "webhookName"
+        "webhookName",
+        "timeoutSeconds"
       ],
       "title": "cosign",
       "type": "object"
@@ -188,8 +212,8 @@
               "type": "string"
             },
             "version": {
-              "default": "sha256:f291fce5b9c1a69ba54990eda7e0fe4114043b1afefb0f4ee3e6f84ec9ef1605",
-              "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.8.2",
+              "default": "sha256:f3b57d4c906fcbd7229c3069c055ce2b2862e01106c2b85df1322f1e3a232829",
+              "description": "crane digest ghcr.io/sigstore/policy-controller/policy-controller:v0.11.0",
               "required": [],
               "title": "version",
               "type": "string"
@@ -547,6 +571,29 @@
           ],
           "title": "webhookNames",
           "type": "object"
+        },
+        "webhookTimeoutSeconds": {
+          "additionalProperties": false,
+          "properties": {
+            "defaulting": {
+              "default": 10,
+              "required": [],
+              "title": "defaulting",
+              "type": "integer"
+            },
+            "validating": {
+              "default": 10,
+              "required": [],
+              "title": "validating",
+              "type": "integer"
+            }
+          },
+          "required": [
+            "defaulting",
+            "validating"
+          ],
+          "title": "webhookTimeoutSeconds",
+          "type": "object"
         }
       },
       "required": [
@@ -570,7 +617,8 @@
         "volumes",
         "namespaceSelector",
         "registryCaBundle",
-        "webhookNames"
+        "webhookNames",
+        "webhookTimeoutSeconds"
       ],
       "title": "webhook",
       "type": "object"

diff --git a/charts/policy-controller/values.yaml b/charts/policy-controller/values.yaml
@@ -2,6 +2,9 @@ cosign:
   # add the values in base64 encoded
   cosignPub: ""
   webhookName: "policy.sigstore.dev"
+  timeoutSeconds:
+    mutating: 10
+    validating: 10
 
 installCRDs: true
 
@@ -70,6 +73,9 @@ webhook:
   webhookNames:
     defaulting: "defaulting.clusterimagepolicy.sigstore.dev"
     validating: "validating.clusterimagepolicy.sigstore.dev"
+  webhookTimeoutSeconds:
+    defaulting: 10
+    validating: 10
 
 leasescleanup:
   image: