diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml index 19c46e03..59615b3c 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/charts/application/templates/validatingwebhook-validator.yaml @@ -20,7 +20,11 @@ webhooks: resources: - shoots failurePolicy: Fail - objectSelector: {} + objectSelector: + {{- if .Values.global.webhookConfig.useObjectSelector }} + matchLabels: + extensions.extensions.gardener.cloud/shoot-rsyslog-relp: "true" + {{- end }} namespaceSelector: {} sideEffects: None admissionReviewVersions: diff --git a/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml b/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml index c54f044e..c738b29b 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml +++ b/charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml @@ -39,14 +39,14 @@ global: -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- + # Please make sure you are running `gardener@v1.42` or later before setting this to true. + useObjectSelector: true # Kubeconfig to the target cluster. In-cluster configuration will be used if not specified. kubeconfig: - -# projectedKubeconfig: -# baseMountPath: /var/run/secrets/gardener.cloud -# genericKubeconfigSecretName: generic-token-kubeconfig -# tokenSecretName: access-shoot-rsyslog-relp-admission - + # projectedKubeconfig: + # baseMountPath: /var/run/secrets/gardener.cloud + # genericKubeconfigSecretName: generic-token-kubeconfig + # tokenSecretName: access-shoot-rsyslog-relp-admission serviceAccountTokenVolumeProjection: enabled: false expirationSeconds: 43200