We must provide a mutation webhook for the ClusterAdmissionPolicy resource.
The webhook will implement the following validations:
UPDATE operation: do not allow changing the name of the policy server where the policy is scheduled. If the user wants to change it he will have to delete the policy and create a new one. At least for now.
The webhook will implement the following mutations:
CREATE operation: ensure the kubewarden finalizers are specified; if not, add them
CREATE operation: set the policyStatus to pending when a ClusterAdmissionPolicy is created
Note well: it's totally fine to create a ClusterAdmissionPolicy object that is scheduled on a non-existing PolicyServer.
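A sketch of the rules above as plain Go functions, added here as an example; it is not the kubewarden controller's code. The struct, its field names, the finalizer string and the `pending` constant are assumptions made for illustration.

```go
package main

import "fmt"

// Assumed values for this sketch; the real finalizer string may differ.
const (
	finalizerName = "kubewarden-finalizer.example" // placeholder, not the project's value
	statusPending = "pending"
)

// ClusterAdmissionPolicy is a simplified stand-in for the real resource.
type ClusterAdmissionPolicy struct {
	Name         string
	Finalizers   []string
	PolicyServer string // name of the PolicyServer the policy is scheduled on
	PolicyStatus string
}

// MutateOnCreate applies both CREATE mutations. It is idempotent, overwrites
// any client-supplied status, and never checks that the PolicyServer exists.
func MutateOnCreate(p *ClusterAdmissionPolicy) {
	found := false
	for _, f := range p.Finalizers {
		if f == finalizerName {
			found = true
			break
		}
	}
	if !found {
		p.Finalizers = append(p.Finalizers, finalizerName)
	}
	p.PolicyStatus = statusPending
}

// ValidateUpdate rejects an UPDATE that moves the policy to another server.
func ValidateUpdate(oldP, newP *ClusterAdmissionPolicy) error {
	if oldP.PolicyServer != newP.PolicyServer {
		return fmt.Errorf("policy server is immutable (%q -> %q): delete and recreate the policy",
			oldP.PolicyServer, newP.PolicyServer)
	}
	return nil
}

func main() {
	// Constructed sample: scheduled on a server that does not exist, status forged.
	p := &ClusterAdmissionPolicy{Name: "demo", PolicyServer: "missing", PolicyStatus: "active"}
	MutateOnCreate(p)
	moved := *p
	moved.PolicyServer = "other"
	fmt.Println(p.Finalizers, p.PolicyStatus, ValidateUpdate(p, &moved))
}
```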