feat: support webhook server for ingress

[ronething]

Test Example:

NAMESPACE="webhook-test"
RELEASE_NAME="test-webhook"
CHART_PATH="."

helm upgrade --install $RELEASE_NAME $CHART_PATH \
  --namespace $NAMESPACE \
  --set webhook.enabled=true \
  --set deployment.image.tag="dev" \
  --wait --timeout=2m

• gp1.yaml

apiVersion: apisix.apache.org/v1alpha1
kind: GatewayProxy
metadata:
  name: gp1
spec:
  provider:
    type: ControlPlane
    controlPlane:
      endpoints: 
       - http://127.0.0.1:9180
      auth:
        type: AdminKey
        adminKey:
          value: admin

• gp2.yaml

apiVersion: apisix.apache.org/v1alpha1
kind: GatewayProxy
metadata:
  name: gp2
spec:
  provider:
    type: ControlPlane
    controlPlane:
      endpoints: 
       - http://127.0.0.1:9180
      auth:
        type: AdminKey
        adminKey:
          value: admin

$ k apply -f gp1.yaml -n webhook-test
 
$ k apply -f gp2.yaml -n webhook-test                                                                   
Error from server (Forbidden): error when creating "gp2.yaml": admission webhook "[vgatewayproxy-v1alpha1.kb.io](http://vgatewayproxy-v1alpha1.kb.io/)" denied the request: gateway proxy configuration conflict: GatewayProxy webhook-test/gp2 and webhook-test/gp1 both target control plane endpoints [http://127.0.0.1:9180/] while sharing the same inline AdminKey value

Debug generated ingress-related configurations:

helm template test-webhook ./charts/apisix-ingress-controller \
  --set webhook.enabled=true \
  --debug

[Copilot]

Pull Request Overview

This PR adds admission webhook functionality to the APISIX ingress controller Helm chart, enabling validation of various Kubernetes resources including ingress-related configurations and Gateway API resources.

• Adds webhook configuration with support for auto-generated or user-provided TLS certificates
• Configures ValidatingWebhookConfiguration for multiple resource types (ApisixRoute, Consumer, Gateway, HTTPRoute, etc.)
• Updates deployment to expose webhook port and mount certificate volumes

Reviewed Changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
values.yaml	Adds webhook configuration section with certificate and server settings
templates/webhook.yaml	New template defining ValidatingWebhookConfiguration, Service, and Secret resources
templates/deployment.yaml	Updates container ports and volume mounts for webhook certificates
templates/configmap.yaml	Adds webhook configuration to the application config
templates/cluster_role.yaml	Reorganizes RBAC permissions for Gateway API resources
templates/_helpers.tpl	Adds helper functions for webhook service and secret naming
README.md	Documents new webhook configuration parameters

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}