# Copyright 2022 Google LLC. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # Not generated by KubeBuilder. Webhooks on core types must be manually # added following this pattern # # Modify files: # - config/webhook/kustomization.yaml – Add a reference to this file # - main.go – Add the line `mgr.GetWebhookServer().Register("/mutate-v1-pod" //...` # - controller/pod_webhook_controller.go – implementation of the core webhook apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: creationTimestamp: null name: mutating-core-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: webhook-service namespace: system path: /mutate-pods # This matches the path in controller/setup.go for pod controller # Note: if you have a webhook for Pod and set failurePolicy to fail, then # in the likely case where your webhook has a bug, it will prevent all pods # from being created or started, completely stopping the entire cluster from # doing any work or recovering from failure. failurePolicy: Ignore name: pods.proxy.cloudsql.google.com matchPolicy: Equivalent namespaceSelector: matchExpressions: - key: kubernetes.io/metadata.name operator: NotIn values: - kube-system rules: - apiGroups: - "" apiVersions: - v1 operations: - CREATE resources: - pods scope: "*" timeoutSeconds: 2 sideEffects: None