apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: edge-injector annotations: cert-manager.io/inject-ca-from: edge-injector/edge-injector webhooks: - name: couchuser.datasync.edge.ncr.com admissionReviewVersions: - v1 clientConfig: service: name: edge-injector namespace: edge-injector port: 443 path: /mutating-create-update-pod-couchdb-secret failurePolicy: Fail objectSelector: matchExpressions: - key: injector.edge.ncr.com/couchdb-user operator: Exists rules: - resources: ["pods"] apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE", "UPDATE"] scope: "*" sideEffects: None - name: device-system.edge.ncr.com-daemonset admissionReviewVersions: ["v1"] clientConfig: service: name: edge-injector namespace: edge-injector path: "/resourcerequest-daemonset" failurePolicy: Fail objectSelector: matchLabels: device-system.edge.ncr.com/injection: "enabled" rules: - resources: ["daemonsets"] apiGroups: ["apps"] apiVersions: ["v1"] operations: - "CREATE" - "UPDATE" sideEffects: None - name: device-system.edge.ncr.com-deployment admissionReviewVersions: ["v1"] clientConfig: service: name: edge-injector namespace: edge-injector path: "/resourcerequest-deployment" failurePolicy: Fail objectSelector: matchLabels: device-system.edge.ncr.com/injection: "enabled" rules: - resources: ["deployments"] apiGroups: ["apps"] apiVersions: ["v1"] operations: - "CREATE" - "UPDATE" sideEffects: None - name: device-system.edge.ncr.com-pods admissionReviewVersions: - v1 clientConfig: service: name: edge-injector namespace: edge-injector port: 443 path: "/resourcerequest-pods" failurePolicy: Fail objectSelector: matchLabels: kubevirt.io: virt-launcher rules: - resources: ["pods"] apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE", "UPDATE"] scope: "*" sideEffects: None - name: device-system.edge.ncr.com-statefulset admissionReviewVersions: ["v1"] clientConfig: service: name: edge-injector namespace: edge-injector path: "/resourcerequest-statefulset" failurePolicy: Fail objectSelector: matchLabels: device-system.edge.ncr.com/injection: "enabled" rules: - resources: ["statefulsets"] apiGroups: ["apps"] apiVersions: ["v1"] operations: - "CREATE" - "UPDATE" sideEffects: None - name: node.dsds.edge.ncr.com admissionReviewVersions: - v1 clientConfig: service: name: edge-injector namespace: edge-injector port: 443 path: /mutating-create-update-pod-node-secret failurePolicy: Fail objectSelector: matchExpressions: - key: injector.edge.ncr.com/add-node-information operator: Exists rules: - resources: ["pods"] apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE", "UPDATE"] scope: "*" sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: edge-injector annotations: cert-manager.io/inject-ca-from: edge-injector/edge-injector webhooks: - name: "device-class.device-system.edge.ncr.com-deviceclasses" admissionReviewVersions: ["v1"] clientConfig: service: name: edge-injector namespace: edge-injector port: 443 path: /device-class-validation-deviceclasses rules: - resources: ["deviceclasses"] apiGroups: ["device-system.edge.ncr.com"] apiVersions: ["v1"] operations: - "CREATE" - "UPDATE" scope: "*" sideEffects: None timeoutSeconds: 5 - name: "device-class.device-system.edge.ncr.com-devicesets" admissionReviewVersions: ["v1"] clientConfig: service: name: edge-injector namespace: edge-injector port: 443 path: /device-class-validation-devicesets rules: - resources: ["devicesets"] apiGroups: ["device-system.edge.ncr.com"] apiVersions: ["v1"] operations: - "CREATE" - "UPDATE" scope: "*" sideEffects: None timeoutSeconds: 5