feat: Exclude kube-system by default in webhooks during installation (#92)

* feat: exclude specified namespaces from webhooks Signed-off-by: hantmac <hantmac@outlook.com> * change log --------- Signed-off-by: hantmac <hantmac@outlook.com>
2024-02-28 10:16:05 +08:00 · 2024-02-28 10:16:05 +08:00 · 52e41dc9c7
parent d1c325e49c
commit 52e41dc9c7
2 changed files with 43 additions and 0 deletions
--- a/versions/kruise/1.5.2/Chart.yaml
+++ b/versions/kruise/1.5.2/Chart.yaml
@ -22,3 +22,4 @@ annotations:
  artifacthub.io/changes: |
    - "[Changed]: https://github.com/openkruise/kruise/blob/master/CHANGELOG.md"
    - "[Changed]: Support extra environment variables in the manager DaemonSet"
+    - "[Changed]: Support exclude specified namespaces from webhook"
--- a/versions/kruise/1.5.2/templates/webhookconfiguration.yaml
+++ b/versions/kruise/1.5.2/templates/webhookconfiguration.yaml
@ -19,6 +19,10 @@ webhooks:
          operator: NotIn
          values:
            - openkruise
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - ""
@ -281,6 +285,12 @@ webhooks:
      matchExpressions:
        - key: policy.kruise.io/delete-protection
          operator: Exists
+    namespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - apps
@ -305,6 +315,12 @@ webhooks:
      matchExpressions:
        - key: policy.kruise.io/delete-protection
          operator: Exists
+    namespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - apps
@ -329,6 +345,12 @@ webhooks:
      matchExpressions:
        - key: policy.kruise.io/delete-protection
          operator: Exists
+    namespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - apps
@ -353,6 +375,12 @@ webhooks:
      matchExpressions:
        - key: policy.kruise.io/delete-protection
          operator: Exists
+    namespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - apiextensions.k8s.io
@ -378,6 +406,12 @@ webhooks:
      matchExpressions:
        - key: policy.kruise.io/delete-protection
          operator: Exists
+    namespaceSelector:
+      matchExpressions:
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - ""
@ -404,6 +438,10 @@ webhooks:
          operator: NotIn
          values:
            - openkruise
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - ""
@ -431,6 +469,10 @@ webhooks:
          operator: NotIn
          values:
            - openkruise
+        - key: kubernetes.io/metadata.name
+          operator: NotIn
+          values:
+            - kube-system
    rules:
      - apiGroups:
          - ""