kyverno/definitions/MutatingWebhookConfiguration.yaml

# MutatingWebhookConfiguration document which should be used when placing controller inside the cluster
# This configuration is just an example. Webhook for in-cluster configuration is registered by controller (see webhooks/registration.go).
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
  name: nirmata-kube-policy-webhook-cfg
  labels:
    app: kube-policy
webhooks:
  - name: webhook.nirmata.kube-policy
    clientConfig:
      service:
        name: kube-policy-svc
        namespace: default
        path: "/mutate"
      caBundle: ${CA_BUNDLE}
    rules:
      - operations: [ "CREATE" ]
        resources: [ "*/*" ]
        apiGroups: [ "*" ]
        apiVersions: [ "*" ]