github.com/verrazzano/verrazzano@v1.7.1/platform-operator/helm_config/charts/verrazzano-application-operator/templates/mutatingwebhookconfiguration.yaml (about) 1 # Copyright (c) 2020, 2022, Oracle and/or its affiliates. 2 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 --- 4 apiVersion: admissionregistration.k8s.io/v1 5 kind: MutatingWebhookConfiguration 6 metadata: 7 name: verrazzano-application-appconfig-defaulter 8 namespace: {{ .Values.namespace }} 9 labels: 10 app: {{ .Values.name }}-webhook 11 webhooks: 12 - name: verrazzano-application-appconfig-defaulter.verrazzano.io 13 namespaceSelector: 14 matchExpressions: 15 - { key: verrazzano.io/namespace, operator: NotIn, values: [ kube-system ] } 16 clientConfig: 17 service: 18 name: {{ .Values.name }}-webhook 19 namespace: {{ .Values.namespace }} 20 path: "/appconfig-defaulter" 21 rules: 22 - apiGroups: 23 - core.oam.dev 24 apiVersions: 25 - v1alpha2 26 operations: 27 - CREATE 28 - UPDATE 29 - DELETE 30 resources: 31 - applicationconfigurations 32 sideEffects: NoneOnDryRun 33 failurePolicy: Fail 34 matchPolicy: Exact 35 timeoutSeconds: 30 36 admissionReviewVersions: 37 - v1beta1 38 - v1 39 --- 40 apiVersion: admissionregistration.k8s.io/v1 41 kind: MutatingWebhookConfiguration 42 metadata: 43 name: verrazzano-application-istio-defaulter 44 namespace: {{ .Values.namespace }} 45 labels: 46 app: {{ .Values.name }}-webhook 47 webhooks: 48 - name: verrazzano-application-istio-defaulter.verrazzano.io 49 namespaceSelector: 50 matchExpressions: 51 - {key: istio-injection, operator: In, values: [enabled]} 52 - {key: verrazzano.io/namespace, operator: NotIn, values: [verrazzano-system, kube-system, verrazzano-monitoring]} 53 clientConfig: 54 service: 55 name: {{ .Values.name }}-webhook 56 namespace: {{ .Values.namespace }} 57 path: "/istio-defaulter" 58 rules: 59 - apiGroups: 60 - "" 61 apiVersions: 62 - v1 63 operations: 64 - CREATE 65 resources: 66 - pods 67 sideEffects: None 68 failurePolicy: Fail 69 matchPolicy: Exact 70 timeoutSeconds: 30 71 admissionReviewVersions: 72 - v1beta1 73 - v1 74 75 --- 76 apiVersion: admissionregistration.k8s.io/v1 77 kind: MutatingWebhookConfiguration 78 metadata: 79 name: verrazzano-application-metrics-binding 80 namespace: {{ .Values.namespace }} 81 labels: 82 app: {{ .Values.name }}-webhook 83 webhooks: 84 - name: metrics-binding-generator-workload.verrazzano.io 85 namespaceSelector: 86 matchExpressions: 87 - { key: verrazzano.io/namespace, operator: NotIn, values: [ kube-system ] } 88 matchLabels: 89 verrazzano-managed: "true" 90 objectSelector: 91 matchExpressions: 92 - key: app.oam.dev/component 93 operator: DoesNotExist 94 clientConfig: 95 service: 96 name: {{ .Values.name }}-webhook 97 namespace: {{ .Values.namespace }} 98 path: "/metrics-binding-generator-workload" 99 rules: 100 - operations: ["CREATE","UPDATE"] 101 apiGroups: ["*"] 102 apiVersions: ["*"] 103 resources: ["deployments","pods","replicasets","statefulsets"] 104 scope: "Namespaced" 105 sideEffects: None 106 failurePolicy: Fail 107 matchPolicy: Equivalent 108 timeoutSeconds: 30 109 admissionReviewVersions: 110 - v1beta1 111 - v1 112 - name: metrics-binding-labeler-pod.verrazzano.io 113 namespaceSelector: 114 matchExpressions: 115 - { key: verrazzano.io/namespace, operator: NotIn, values: [ kube-system ] } 116 matchLabels: 117 verrazzano-managed: "true" 118 objectSelector: 119 matchExpressions: 120 - key: app.oam.dev/component 121 operator: DoesNotExist 122 clientConfig: 123 service: 124 name: {{ .Values.name }}-webhook 125 namespace: {{ .Values.namespace }} 126 path: "/metrics-binding-labeler-pod" 127 rules: 128 - operations: ["CREATE"] 129 apiGroups: [""] 130 apiVersions: ["v1"] 131 resources: ["pods"] 132 scope: "Namespaced" 133 sideEffects: None 134 failurePolicy: Fail 135 matchPolicy: Equivalent 136 timeoutSeconds: 30 137 admissionReviewVersions: 138 - v1beta1 139 - v1