我正在开发一个定制的准入webhook,需要为所有部署添加额外的标签,标签可能是这样的:"test1:mylabels";。我在webhook中定义了两个操作,CREATE和UPDATE。创建请求总是收到的,但更新请求没有按预期工作。创建部署后,只有当我删除自定义标签";test1:mylabels";,我可以收到更新请求我做了其他测试,如手动添加更多标签、更新注释或更新图像标签、副本,我无法接收任何更新请求。
MutatingWebhookConfiguration定义:
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
creationTimestamp: "2022-03-24T05:42:13Z"
generation: 44
name: demo-webhook
resourceVersion: "696021949"
uid: a0bd5835-3393-4a68-8f06-196bf561036d
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
caBundle: LS0tLS1CRUdJ...
url: https://9.x.x.x:9443/v1/mutate
failurePolicy: Fail
matchPolicy: Equivalent
name: webhook-server.webhook-demo.svc
namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: webhook-demo
objectSelector:
matchExpressions:
- key: test1
operator: DoesNotExist
reinvocationPolicy: Never
rules:
- apiGroups:
- '*'
apiVersions:
- '*'
operations:
- CREATE
- UPDATE
resources:
- deployments
scope: Namespaced
sideEffects: None
timeoutSeconds: 30
由我的错误引起。我使用了一个对象选择器:(