Add configurable failurePolicy for injector's webhook

Fixes hashicorp#399

Author: orirawlings

templates/injector-mutating-webhook.yaml

@@ -24,4 +24,7 @@ webhooks:
     namespaceSelector:
 {{ toYaml .Values.injector.namespaceSelector | indent 6}}
 {{ end }}
+{{- with .Values.injector.failurePolicy }}
+    failurePolicy: {{.}}
+{{ end }}
 {{ end }}

values.yaml

@@ -70,6 +70,12 @@ injector:
   #      sidecar-injector: enabled
   namespaceSelector: {}
 
+  # Configures failurePolicy of the webhook. By default webhook failures are ignored. 
+  # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+  # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+  #
+  # failurePolcy: Fail
+
   certs:
     # secretName is the name of the secret that has the TLS certificate and
     # private key to serve the injector webhook. If this is null, then the