[Feature] Make MutatingWebhookConfiguration, ValidatingWebhookConfiguration name configurable #7997
Open
2 tasks done
Labels
Comments
iAnomaly
added
enhancement
|
Thanks for opening your first issue here! Be sure to follow the issue template! |
chipzoller
added
webhook
and removed
triage
|
The only webhook which would benefit from a custom name is the resource mutating webhook. |
9 tasks
|
@chipzoller: Initial attempt at resolving this issue in #8059. How do you feel about applying the same prefix to all mutating webhooks for consistency even if the resource mutating webhook is the only one that would benefit functionally? |
|
Probably not an issue but it would need to be attended carefully to ensure there are no code paths which reference static names anywhere. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem Statement
Multiple sources confirm anecdotally that the Kubernetes admission webhook requests are processed serially in lexicographical order. Given that Kyverno is a policy enforcement solution, it should be able to be configure as close as possible to the beginning of this pipeline.
Solution Description
*WebhookConfiguration names currently appeared hard coded here. Solution should support overriding these via runtime configuration (environment variables, command arguments, etc.) that can also be configured through Helm Chart values.
Alternatives
No response
Additional Context
I am trying to label Pods with a Kyverno policy for service mesh proxy injection by Istio but Istio's MutatingWebhookConfiguration responsible for injecting said Pods is lexicographically "lower" (comes before) Kyverno's:
Slack discussion
https://kubernetes.slack.com/archives/CLGR9BJU9/p1691624820592279
Research
The text was updated successfully, but these errors were encountered: