IO-K8s
view release on metacpan or search on metacpan
lib/IO/K8s/Api/Admissionregistration/V1/ValidatingWebhook.pm view on Meta::CPAN
k8s admissionReviewVersions => [Str], 'required';
k8s clientConfig => 'Admissionregistration::V1::WebhookClientConfig', 'required';
k8s failurePolicy => Str;
k8s matchConditions => ['Admissionregistration::V1::MatchCondition'];
k8s matchPolicy => Str;
k8s name => Str, 'required';
k8s namespaceSelector => 'Meta::V1::LabelSelector';
k8s objectSelector => 'Meta::V1::LabelSelector';
k8s rules => ['Admissionregistration::V1::RuleWithOperations'];
k8s sideEffects => Str, 'required';
k8s timeoutSeconds => Int;
1;
__END__
=pod
=encoding UTF-8
=head1 NAME
IO::K8s::Api::Admissionregistration::V1::ValidatingWebhook - ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
=head1 VERSION
version 1.100
=head2 admissionReviewVersions
AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, va...
=head2 clientConfig
ClientConfig defines how to communicate with the hook. Required
=head2 failurePolicy
FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
=head2 matchConditions
MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions m...
The exact matching logic is (in order):
1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
2. If ALL matchConditions evaluate to TRUE, the webhook is called.
3. If any matchCondition evaluates to an error (but none are FALSE):
- If failurePolicy=Fail, reject the request
- If failurePolicy=Ignore, the error is ignored and the webhook is skipped
=head2 matchPolicy
matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deplo...
- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"],...
Defaults to "Equivalent"
=head2 name
The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
=head2 namespaceSelector
NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another ...
For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1"; you will set the selector as follows: "namespaceSelector": {
"matchExpressions": [
{
"key": "runlevel",
"operator": "NotIn",
"values": [
"0",
"1"
]
}
]
}
If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
"matchExpressions": [
{
"key": "environment",
"operator": "In",
"values": [
"prod",
"staging"
]
}
]
}
See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
Default to the empty LabelSelector, which matches everything.
( run in 0.928 second using v1.01-cache-2.11-cpan-524268b4103 )