diff --git a/pkg/controllers/webhook/controller.go b/pkg/controllers/webhook/controller.go index bd7b5c935b..1b81fdf011 100644 --- a/pkg/controllers/webhook/controller.go +++ b/pkg/controllers/webhook/controller.go @@ -587,6 +587,25 @@ func (c *controller) buildDefaultResourceMutatingWebhookConfiguration(cfg config AdmissionReviewVersions: []string{"v1"}, TimeoutSeconds: &c.defaultTimeout, ReinvocationPolicy: &ifNeeded, + }, { + Name: config.MutatingWebhookName + "-fail", + ClientConfig: c.clientConfig(caBundle, config.MutatingWebhookServicePath+"/fail"), + Rules: []admissionregistrationv1.RuleWithOperations{{ + Rule: admissionregistrationv1.Rule{ + APIGroups: []string{"*"}, + APIVersions: []string{"*"}, + Resources: []string{"*/*"}, + }, + Operations: []admissionregistrationv1.OperationType{ + admissionregistrationv1.Create, + admissionregistrationv1.Update, + }, + }}, + FailurePolicy: &fail, + SideEffects: &noneOnDryRun, + AdmissionReviewVersions: []string{"v1"}, + TimeoutSeconds: &c.defaultTimeout, + ReinvocationPolicy: &ifNeeded, }}, }, nil @@ -689,6 +708,26 @@ func (c *controller) buildDefaultResourceValidatingWebhookConfiguration(cfg conf SideEffects: sideEffects, AdmissionReviewVersions: []string{"v1"}, TimeoutSeconds: &c.defaultTimeout, + }, { + Name: config.ValidatingWebhookName + "-fail", + ClientConfig: c.clientConfig(caBundle, config.ValidatingWebhookServicePath+"/fail"), + Rules: []admissionregistrationv1.RuleWithOperations{{ + Rule: admissionregistrationv1.Rule{ + APIGroups: []string{"*"}, + APIVersions: []string{"*"}, + Resources: []string{"*/*"}, + }, + Operations: []admissionregistrationv1.OperationType{ + admissionregistrationv1.Create, + admissionregistrationv1.Update, + admissionregistrationv1.Delete, + admissionregistrationv1.Connect, + }, + }}, + FailurePolicy: &fail, + SideEffects: sideEffects, + AdmissionReviewVersions: []string{"v1"}, + TimeoutSeconds: &c.defaultTimeout, }}, }, nil