in pkg/webhook/webhook.go [242:365]
func (w *Config) buildFleetValidatingWebhooks() []admv1.ValidatingWebhook {
webHooks := []admv1.ValidatingWebhook{
{
Name: "fleet.pod.validating",
ClientConfig: w.createClientConfig(pod.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
},
Rule: createRule([]string{corev1.SchemeGroupVersion.Group}, []string{corev1.SchemeGroupVersion.Version}, []string{podResourceName}, &namespacedScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.clusterresourceplacementv1alpha1.validating",
ClientConfig: w.createClientConfig(clusterresourceplacement.V1Alpha1CRPValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
admv1.Update,
},
Rule: createRule([]string{fleetv1alpha1.GroupVersion.Group}, []string{fleetv1alpha1.GroupVersion.Version}, []string{fleetv1alpha1.ClusterResourcePlacementResource}, &clusterScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.clusterresourceplacementv1beta1.validating",
ClientConfig: w.createClientConfig(clusterresourceplacement.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
admv1.Update,
},
Rule: createRule([]string{placementv1beta1.GroupVersion.Group}, []string{placementv1beta1.GroupVersion.Version}, []string{placementv1beta1.ClusterResourcePlacementResource}, &clusterScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.replicaset.validating",
ClientConfig: w.createClientConfig(replicaset.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
},
Rule: createRule([]string{appsv1.SchemeGroupVersion.Group}, []string{appsv1.SchemeGroupVersion.Version}, []string{replicaSetResourceName}, &namespacedScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.membercluster.validating",
ClientConfig: w.createClientConfig(membercluster.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
admv1.Update,
admv1.Delete,
},
Rule: createRule([]string{clusterv1beta1.GroupVersion.Group}, []string{clusterv1beta1.GroupVersion.Version}, []string{memberClusterResourceName}, &clusterScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.clusterresourceoverride.validating",
ClientConfig: w.createClientConfig(clusterresourceoverride.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
admv1.Update,
},
Rule: createRule([]string{placementv1alpha1.GroupVersion.Group}, []string{placementv1alpha1.GroupVersion.Version}, []string{clusterResourceOverrideName}, &clusterScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
{
Name: "fleet.resourceoverride.validating",
ClientConfig: w.createClientConfig(resourceoverride.ValidationPath),
FailurePolicy: &failFailurePolicy,
SideEffects: &sideEffortsNone,
AdmissionReviewVersions: admissionReviewVersions,
Rules: []admv1.RuleWithOperations{
{
Operations: []admv1.OperationType{
admv1.Create,
admv1.Update,
},
Rule: createRule([]string{placementv1alpha1.GroupVersion.Group}, []string{placementv1alpha1.GroupVersion.Version}, []string{resourceOverrideName}, &namespacedScope),
},
},
TimeoutSeconds: longWebhookTimeout,
},
}
return webHooks
}