diff --git a/charts/gardener-extension-admission-gcp/charts/application/templates/validatingwebhook-validator.yaml b/charts/gardener-extension-admission-gcp/charts/application/templates/validatingwebhook-validator.yaml index c46e7d771..4aac99f5c 100644 --- a/charts/gardener-extension-admission-gcp/charts/application/templates/validatingwebhook-validator.yaml +++ b/charts/gardener-extension-admission-gcp/charts/application/templates/validatingwebhook-validator.yaml @@ -17,7 +17,11 @@ webhooks: - cloudprofiles - shoots failurePolicy: Fail - objectSelector: {} + objectSelector: + {{- if .Values.global.webhookConfig.useObjectSelector }} + matchLabels: + provider.extensions.gardener.cloud/gcp: "true" + {{- end }} namespaceSelector: {} sideEffects: None admissionReviewVersions: diff --git a/charts/gardener-extension-admission-gcp/values.yaml b/charts/gardener-extension-admission-gcp/values.yaml index d1af84376..3d4897571 100644 --- a/charts/gardener-extension-admission-gcp/values.yaml +++ b/charts/gardener-extension-admission-gcp/values.yaml @@ -32,6 +32,8 @@ global: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- + # Please make sure you are running `gardener@v1.42` or later before setting this to true. + useObjectSelector: false # Kubeconfig to the target cluster. In-cluster configuration will be used if not specified. kubeconfig: diff --git a/example/40-validatingwebhookconfiguration.yaml b/example/40-validatingwebhookconfiguration.yaml index 7082544e3..b2241f066 100644 --- a/example/40-validatingwebhookconfiguration.yaml +++ b/example/40-validatingwebhookconfiguration.yaml @@ -17,7 +17,10 @@ webhooks: - cloudprofiles - shoots failurePolicy: Fail - objectSelector: {} + # Please make sure you are running `gardener@v1.42` or later before enabling this object selector. + objectSelector: + matchLabels: + provider.extensions.gardener.cloud/gcp: "true" namespaceSelector: {} sideEffects: None admissionReviewVersions: