From 52e41dc9c7814043f5b21f40e2e6ff3db6d177d9 Mon Sep 17 00:00:00 2001 From: Jeremy Date: Wed, 28 Feb 2024 10:16:05 +0800 Subject: [PATCH] feat: Exclude kube-system by default in webhooks during installation (#92) * feat: exclude specified namespaces from webhooks Signed-off-by: hantmac * change log --------- Signed-off-by: hantmac --- versions/kruise/1.5.2/Chart.yaml | 1 + .../1.5.2/templates/webhookconfiguration.yaml | 42 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/versions/kruise/1.5.2/Chart.yaml b/versions/kruise/1.5.2/Chart.yaml index 673feb3..18ee51e 100644 --- a/versions/kruise/1.5.2/Chart.yaml +++ b/versions/kruise/1.5.2/Chart.yaml @@ -22,3 +22,4 @@ annotations: artifacthub.io/changes: | - "[Changed]: https://github.com/openkruise/kruise/blob/master/CHANGELOG.md" - "[Changed]: Support extra environment variables in the manager DaemonSet" + - "[Changed]: Support exclude specified namespaces from webhook" diff --git a/versions/kruise/1.5.2/templates/webhookconfiguration.yaml b/versions/kruise/1.5.2/templates/webhookconfiguration.yaml index ef839d3..07da0e5 100644 --- a/versions/kruise/1.5.2/templates/webhookconfiguration.yaml +++ b/versions/kruise/1.5.2/templates/webhookconfiguration.yaml @@ -19,6 +19,10 @@ webhooks: operator: NotIn values: - openkruise + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - "" @@ -281,6 +285,12 @@ webhooks: matchExpressions: - key: policy.kruise.io/delete-protection operator: Exists + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - apps @@ -305,6 +315,12 @@ webhooks: matchExpressions: - key: policy.kruise.io/delete-protection operator: Exists + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - apps @@ -329,6 +345,12 @@ webhooks: matchExpressions: - key: policy.kruise.io/delete-protection operator: Exists + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - apps @@ -353,6 +375,12 @@ webhooks: matchExpressions: - key: policy.kruise.io/delete-protection operator: Exists + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - apiextensions.k8s.io @@ -378,6 +406,12 @@ webhooks: matchExpressions: - key: policy.kruise.io/delete-protection operator: Exists + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - "" @@ -404,6 +438,10 @@ webhooks: operator: NotIn values: - openkruise + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - "" @@ -431,6 +469,10 @@ webhooks: operator: NotIn values: - openkruise + - key: kubernetes.io/metadata.name + operator: NotIn + values: + - kube-system rules: - apiGroups: - ""