mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-23 16:20:40 +00:00
4f9b07070a
* feat: enable mutating webhook for ivpol Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: unit tests Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: add objects to payload Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add chainsaw test Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: add update codegen Signed-off-by: ShutingZhao <shuting@nirmata.com> * fix: propagate policy response to admission reponse Signed-off-by: ShutingZhao <shuting@nirmata.com> * chore: update chainsaw tests Signed-off-by: ShutingZhao <shuting@nirmata.com> --------- Signed-off-by: ShutingZhao <shuting@nirmata.com>
42 lines
831 B
YAML
42 lines
831 B
YAML
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
labels:
|
|
webhook.kyverno.io/managed-by: kyverno
|
|
name: kyverno-resource-validating-webhook-cfg
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kyverno-svc
|
|
namespace: kyverno
|
|
path: /policies/vpol/validate/fail
|
|
port: 443
|
|
failurePolicy: Fail
|
|
matchPolicy: Equivalent
|
|
name: vpol.validate.kyverno.svc-fail
|
|
namespaceSelector: {}
|
|
objectSelector: {}
|
|
rules:
|
|
- apiGroups:
|
|
- apps
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- deployments
|
|
scope: '*'
|
|
- apiGroups:
|
|
- apps
|
|
apiVersions:
|
|
- v1
|
|
operations:
|
|
- DELETE
|
|
resources:
|
|
- configmaps
|
|
scope: '*'
|
|
sideEffects: NoneOnDryRun
|
|
timeoutSeconds: 10
|