--- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: kruise-rollout-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-unified-workload failurePolicy: Fail name: munifiedworload.kb.io objectSelector: matchExpressions: - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values}} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end}} {{- end }} {{- end }} rules: - apiGroups: - '*' apiVersions: - '*' operations: - CREATE - UPDATE resources: - '*' sideEffects: None - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-apps-v1-deployment failurePolicy: Fail name: mdeployment.kb.io objectSelector: matchExpressions: - key: control-plane operator: NotIn values: - {{ .Values.rollout.fullname }} - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values}} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end}} {{- end }} {{- end }} rules: - apiGroups: - apps apiVersions: - v1 operations: - UPDATE resources: - deployments sideEffects: None - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-apps-kruise-io-v1alpha1-cloneset failurePolicy: Fail name: mcloneset.kb.io objectSelector: matchExpressions: - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values}} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end}} {{- end }} {{- end }} rules: - apiGroups: - apps.kruise.io apiVersions: - v1alpha1 operations: - UPDATE resources: - clonesets sideEffects: None - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-apps-v1-statefulset failurePolicy: Fail name: mstatefulset.kb.io objectSelector: matchExpressions: - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values}} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end}} {{- end }} {{- end }} rules: - apiGroups: - apps apiVersions: - v1 operations: - UPDATE resources: - statefulsets sideEffects: None - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-apps-kruise-io-statefulset failurePolicy: Fail name: madvancedstatefulset.kb.io objectSelector: matchExpressions: - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values}} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end}} {{- end }} {{- end }} rules: - apiGroups: - apps.kruise.io apiVersions: - v1alpha1 - v1beta1 operations: - CREATE - UPDATE resources: - statefulsets sideEffects: None - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /mutate-apps-kruise-io-v1alpha1-daemonset failurePolicy: Fail name: mdaemonset.kb.io objectSelector: matchExpressions: - key: rollouts.kruise.io/workload-type operator: Exists {{- if .Values.rollout.webhook.objectSelector }} {{- range $label := .Values.rollout.webhook.objectSelector }} - key: {{ $label.key }} operator: {{ $label.operator }} {{- if $label.values }} values: {{- range $value := $label.values }} - {{ $value }} {{- end }} {{- end }} {{- end }} {{- end }} rules: - apiGroups: - apps.kruise.io apiVersions: - v1alpha1 operations: - UPDATE resources: - daemonsets sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: creationTimestamp: null name: kruise-rollout-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 - v1beta1 clientConfig: service: name: kruise-rollout-webhook-service namespace: {{ .Values.installation.namespace }} path: /validate-rollouts-kruise-io-rollout failurePolicy: Fail name: vrollout.kb.io rules: - apiGroups: - rollouts.kruise.io apiVersions: - v1alpha1 - v1beta1 operations: - CREATE - UPDATE resources: - rollouts sideEffects: None