apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: pod-identity-webhook namespace: default annotations: cert-manager.io/inject-ca-from: default/pod-identity-webhook webhooks: - name: pod-identity-webhook.amazonaws.com failurePolicy: Ignore clientConfig: service: name: pod-identity-webhook namespace: default path: "/mutate" objectSelector: matchExpressions: - key: eks.amazonaws.com/skip-pod-identity-webhook operator: "DoesNotExist" values: [] rules: - operations: [ "CREATE" ] apiGroups: [""] apiVersions: ["v1"] resources: ["pods"] sideEffects: None admissionReviewVersions: ["v1beta1"]