改变 admission webhook 静态命名空间选择器
mutating admission webhook static namespaceselector
有谁知道是否有一种方法可以根据命名空间名称而不是标签选择器来定义静态选择器?原因是一些命名空间是由操作员创建的,我无法控制标签。
谢谢
随笔
似乎没有,从未听说过,也从未发现过类似的东西。
根据MutatingWebhookConfiguration docs property namespaceSelector has a type LabelSelector [meta/v1]支持
.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
和
.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
最后一切都取决于labels。
你肯定看到了these examples
每个命名空间都有所谓的well-known labelkubernetes.io/metadata.name
所以你的 namespaceSelector 可以是这样的:
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: "In"
values:
- "staging"
- "demo"
有谁知道是否有一种方法可以根据命名空间名称而不是标签选择器来定义静态选择器?原因是一些命名空间是由操作员创建的,我无法控制标签。
谢谢 随笔
似乎没有,从未听说过,也从未发现过类似的东西。
根据MutatingWebhookConfiguration docs property namespaceSelector has a type LabelSelector [meta/v1]支持
.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
和
.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
最后一切都取决于labels。
你肯定看到了these examples
每个命名空间都有所谓的well-known labelkubernetes.io/metadata.name
所以你的 namespaceSelector 可以是这样的:
namespaceSelector:
matchExpressions:
- key: kubernetes.io/metadata.name
operator: "In"
values:
- "staging"
- "demo"