mirror of https://github.com/linkerd/linkerd2.git
aaab29c5f7
* Set mutating webhook rules scope to Namespaced Problem: The linkerd-proxy-injector-webhook-config, linkerd-jaeger-injector-webhook-config, and linkerd-tap-injector-webhook-config mutating webhooks raise a warning on GKE that says "Update webhook to no longer intercept system requests." in the GCP console recommendation section. This is because the scope is set to *. This also happens if scope is Namespaced, and kube-system and kube-node-lease namespaces are not excluded using namespaceSelector. Solution: Setting the scope to Namespaced for all webhooks, and the user can set the namespaceSelector in the helm values. Validation: This should not change the webhooks behaviour as all webhooks are triggered only by pod/service creation requests, and pods/services are namespaced resources. Fixes #12193 --------- Signed-off-by: f.medini <f.medini@nyris.io> Co-authored-by: Alejandro Pedraza <alejandro@buoyant.io> |
||
|---|---|---|
| .. | ||
| charts/linkerd-jaeger | ||
| cmd | ||
| injector | ||
| pkg/labels | ||
| static | ||