v1

package
v3.30.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2023 License: Apache-2.0 Imports: 8 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type MatchCondition added in v3.25.0

type MatchCondition struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionArgs added in v3.25.0

type MatchConditionArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionArgs) ElementType added in v3.25.0

func (MatchConditionArgs) ElementType() reflect.Type

func (MatchConditionArgs) ToMatchConditionOutput added in v3.25.0

func (i MatchConditionArgs) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionArgs) ToMatchConditionOutputWithContext added in v3.25.0

func (i MatchConditionArgs) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionArray added in v3.25.0

type MatchConditionArray []MatchConditionInput

func (MatchConditionArray) ElementType added in v3.25.0

func (MatchConditionArray) ElementType() reflect.Type

func (MatchConditionArray) ToMatchConditionArrayOutput added in v3.25.0

func (i MatchConditionArray) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArray) ToMatchConditionArrayOutputWithContext added in v3.25.0

func (i MatchConditionArray) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionArrayInput added in v3.25.0

type MatchConditionArrayInput interface {
	pulumi.Input

	ToMatchConditionArrayOutput() MatchConditionArrayOutput
	ToMatchConditionArrayOutputWithContext(context.Context) MatchConditionArrayOutput
}

MatchConditionArrayInput is an input type that accepts MatchConditionArray and MatchConditionArrayOutput values. You can construct a concrete instance of `MatchConditionArrayInput` via:

MatchConditionArray{ MatchConditionArgs{...} }

type MatchConditionArrayOutput added in v3.25.0

type MatchConditionArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionArrayOutput) ElementType added in v3.25.0

func (MatchConditionArrayOutput) ElementType() reflect.Type

func (MatchConditionArrayOutput) Index added in v3.25.0

func (MatchConditionArrayOutput) ToMatchConditionArrayOutput added in v3.25.0

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext added in v3.25.0

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionInput added in v3.25.0

type MatchConditionInput interface {
	pulumi.Input

	ToMatchConditionOutput() MatchConditionOutput
	ToMatchConditionOutputWithContext(context.Context) MatchConditionOutput
}

MatchConditionInput is an input type that accepts MatchConditionArgs and MatchConditionOutput values. You can construct a concrete instance of `MatchConditionInput` via:

MatchConditionArgs{...}

type MatchConditionOutput added in v3.25.0

type MatchConditionOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionOutput) ElementType added in v3.25.0

func (MatchConditionOutput) ElementType() reflect.Type

func (MatchConditionOutput) Expression added in v3.25.0

func (o MatchConditionOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionOutput) Name added in v3.25.0

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionOutput) ToMatchConditionOutput added in v3.25.0

func (o MatchConditionOutput) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionOutput) ToMatchConditionOutputWithContext added in v3.25.0

func (o MatchConditionOutput) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionPatch added in v3.25.0

type MatchConditionPatch struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression *string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name *string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionPatchArgs added in v3.25.0

type MatchConditionPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchArgs) ElementType added in v3.25.0

func (MatchConditionPatchArgs) ElementType() reflect.Type

func (MatchConditionPatchArgs) ToMatchConditionPatchOutput added in v3.25.0

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext added in v3.25.0

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MatchConditionPatchArray added in v3.25.0

type MatchConditionPatchArray []MatchConditionPatchInput

func (MatchConditionPatchArray) ElementType added in v3.25.0

func (MatchConditionPatchArray) ElementType() reflect.Type

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutput added in v3.25.0

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext added in v3.25.0

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchArrayInput added in v3.25.0

type MatchConditionPatchArrayInput interface {
	pulumi.Input

	ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput
	ToMatchConditionPatchArrayOutputWithContext(context.Context) MatchConditionPatchArrayOutput
}

MatchConditionPatchArrayInput is an input type that accepts MatchConditionPatchArray and MatchConditionPatchArrayOutput values. You can construct a concrete instance of `MatchConditionPatchArrayInput` via:

MatchConditionPatchArray{ MatchConditionPatchArgs{...} }

type MatchConditionPatchArrayOutput added in v3.25.0

type MatchConditionPatchArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionPatchArrayOutput) ElementType added in v3.25.0

func (MatchConditionPatchArrayOutput) Index added in v3.25.0

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput added in v3.25.0

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext added in v3.25.0

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchInput added in v3.25.0

type MatchConditionPatchInput interface {
	pulumi.Input

	ToMatchConditionPatchOutput() MatchConditionPatchOutput
	ToMatchConditionPatchOutputWithContext(context.Context) MatchConditionPatchOutput
}

MatchConditionPatchInput is an input type that accepts MatchConditionPatchArgs and MatchConditionPatchOutput values. You can construct a concrete instance of `MatchConditionPatchInput` via:

MatchConditionPatchArgs{...}

type MatchConditionPatchOutput added in v3.25.0

type MatchConditionPatchOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchOutput) ElementType added in v3.25.0

func (MatchConditionPatchOutput) ElementType() reflect.Type

func (MatchConditionPatchOutput) Expression added in v3.25.0

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionPatchOutput) Name added in v3.25.0

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionPatchOutput) ToMatchConditionPatchOutput added in v3.25.0

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext added in v3.25.0

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MutatingWebhook

type MutatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookArgs

type MutatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookArgs) ElementType

func (MutatingWebhookArgs) ElementType() reflect.Type

func (MutatingWebhookArgs) ToMutatingWebhookOutput

func (i MutatingWebhookArgs) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookArgs) ToMutatingWebhookOutputWithContext

func (i MutatingWebhookArgs) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookArray

type MutatingWebhookArray []MutatingWebhookInput

func (MutatingWebhookArray) ElementType

func (MutatingWebhookArray) ElementType() reflect.Type

func (MutatingWebhookArray) ToMutatingWebhookArrayOutput

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookArrayInput

type MutatingWebhookArrayInput interface {
	pulumi.Input

	ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput
	ToMutatingWebhookArrayOutputWithContext(context.Context) MutatingWebhookArrayOutput
}

MutatingWebhookArrayInput is an input type that accepts MutatingWebhookArray and MutatingWebhookArrayOutput values. You can construct a concrete instance of `MutatingWebhookArrayInput` via:

MutatingWebhookArray{ MutatingWebhookArgs{...} }

type MutatingWebhookArrayOutput

type MutatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookArrayOutput) ElementType

func (MutatingWebhookArrayOutput) ElementType() reflect.Type

func (MutatingWebhookArrayOutput) Index

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookConfiguration

type MutatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayOutput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfiguration

func GetMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

GetMutatingWebhookConfiguration gets an existing MutatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfiguration

func NewMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

NewMutatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfiguration) ElementType

func (*MutatingWebhookConfiguration) ElementType() reflect.Type

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

type MutatingWebhookConfigurationArgs

type MutatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput
}

The set of arguments for constructing a MutatingWebhookConfiguration resource.

func (MutatingWebhookConfigurationArgs) ElementType

type MutatingWebhookConfigurationArray

type MutatingWebhookConfigurationArray []MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationArray) ElementType

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationArrayInput

type MutatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput
	ToMutatingWebhookConfigurationArrayOutputWithContext(context.Context) MutatingWebhookConfigurationArrayOutput
}

MutatingWebhookConfigurationArrayInput is an input type that accepts MutatingWebhookConfigurationArray and MutatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationArrayInput` via:

MutatingWebhookConfigurationArray{ MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationArrayOutput) ElementType

func (MutatingWebhookConfigurationArrayOutput) Index

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationInput

type MutatingWebhookConfigurationInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput
	ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput
}

type MutatingWebhookConfigurationList

type MutatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrOutput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func GetMutatingWebhookConfigurationList

func GetMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

GetMutatingWebhookConfigurationList gets an existing MutatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationList

func NewMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

NewMutatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationList) ElementType

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListArgs

type MutatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a MutatingWebhookConfigurationList resource.

func (MutatingWebhookConfigurationListArgs) ElementType

type MutatingWebhookConfigurationListArray

type MutatingWebhookConfigurationListArray []MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListArray) ElementType

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListArrayInput

type MutatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput
	ToMutatingWebhookConfigurationListArrayOutputWithContext(context.Context) MutatingWebhookConfigurationListArrayOutput
}

MutatingWebhookConfigurationListArrayInput is an input type that accepts MutatingWebhookConfigurationListArray and MutatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListArrayInput` via:

MutatingWebhookConfigurationListArray{ MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListArrayOutput) ElementType

func (MutatingWebhookConfigurationListArrayOutput) Index

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListInput

type MutatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput
	ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput
}

type MutatingWebhookConfigurationListMap

type MutatingWebhookConfigurationListMap map[string]MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListMap) ElementType

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListMapInput

type MutatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput
	ToMutatingWebhookConfigurationListMapOutputWithContext(context.Context) MutatingWebhookConfigurationListMapOutput
}

MutatingWebhookConfigurationListMapInput is an input type that accepts MutatingWebhookConfigurationListMap and MutatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListMapInput` via:

MutatingWebhookConfigurationListMap{ "key": MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListMapOutput) ElementType

func (MutatingWebhookConfigurationListMapOutput) MapIndex

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListOutput) ApiVersion added in v3.19.1

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListOutput) ElementType

func (MutatingWebhookConfigurationListOutput) Items added in v3.19.1

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListOutput) Kind added in v3.19.1

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListOutput) Metadata added in v3.19.1

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListState

type MutatingWebhookConfigurationListState struct {
}

func (MutatingWebhookConfigurationListState) ElementType

type MutatingWebhookConfigurationListType

type MutatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items []MutatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

type MutatingWebhookConfigurationListTypeArgs

type MutatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeArgs) ElementType

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationListTypeInput

type MutatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput
	ToMutatingWebhookConfigurationListTypeOutputWithContext(context.Context) MutatingWebhookConfigurationListTypeOutput
}

MutatingWebhookConfigurationListTypeInput is an input type that accepts MutatingWebhookConfigurationListTypeArgs and MutatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListTypeInput` via:

MutatingWebhookConfigurationListTypeArgs{...}

type MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListTypeOutput) ElementType

func (MutatingWebhookConfigurationListTypeOutput) Items

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationMap

type MutatingWebhookConfigurationMap map[string]MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationMap) ElementType

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationMapInput

type MutatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput
	ToMutatingWebhookConfigurationMapOutputWithContext(context.Context) MutatingWebhookConfigurationMapOutput
}

MutatingWebhookConfigurationMapInput is an input type that accepts MutatingWebhookConfigurationMap and MutatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationMapInput` via:

MutatingWebhookConfigurationMap{ "key": MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationMapOutput) ElementType

func (MutatingWebhookConfigurationMapOutput) MapIndex

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationOutput

type MutatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationOutput) ApiVersion added in v3.19.1

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationOutput) ElementType

func (MutatingWebhookConfigurationOutput) Kind added in v3.19.1

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationOutput) Metadata added in v3.19.1

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) Webhooks added in v3.19.1

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatch added in v3.20.0

type MutatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfigurationPatch added in v3.20.0

func GetMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

GetMutatingWebhookConfigurationPatch gets an existing MutatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationPatch added in v3.20.0

func NewMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

NewMutatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationPatch) ElementType added in v3.20.0

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput added in v3.20.0

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext added in v3.20.0

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

type MutatingWebhookConfigurationPatchArgs added in v3.20.0

type MutatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput
}

The set of arguments for constructing a MutatingWebhookConfigurationPatch resource.

func (MutatingWebhookConfigurationPatchArgs) ElementType added in v3.20.0

type MutatingWebhookConfigurationPatchArray added in v3.20.0

type MutatingWebhookConfigurationPatchArray []MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchArray) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput added in v3.20.0

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext added in v3.20.0

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchArrayInput added in v3.20.0

type MutatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput
	ToMutatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) MutatingWebhookConfigurationPatchArrayOutput
}

MutatingWebhookConfigurationPatchArrayInput is an input type that accepts MutatingWebhookConfigurationPatchArray and MutatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchArrayInput` via:

MutatingWebhookConfigurationPatchArray{ MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchArrayOutput added in v3.20.0

type MutatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchArrayOutput) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchArrayOutput) Index added in v3.20.0

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput added in v3.20.0

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext added in v3.20.0

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchInput added in v3.20.0

type MutatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput
	ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput
}

type MutatingWebhookConfigurationPatchMap added in v3.20.0

type MutatingWebhookConfigurationPatchMap map[string]MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchMap) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput added in v3.20.0

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext added in v3.20.0

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchMapInput added in v3.20.0

type MutatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput
	ToMutatingWebhookConfigurationPatchMapOutputWithContext(context.Context) MutatingWebhookConfigurationPatchMapOutput
}

MutatingWebhookConfigurationPatchMapInput is an input type that accepts MutatingWebhookConfigurationPatchMap and MutatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchMapInput` via:

MutatingWebhookConfigurationPatchMap{ "key": MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchMapOutput added in v3.20.0

type MutatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchMapOutput) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchMapOutput) MapIndex added in v3.20.0

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput added in v3.20.0

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext added in v3.20.0

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchOutput added in v3.20.0

type MutatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchOutput) ApiVersion added in v3.20.0

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchOutput) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchOutput) Kind added in v3.20.0

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchOutput) Metadata added in v3.20.0

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput added in v3.20.0

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext added in v3.20.0

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) Webhooks added in v3.20.0

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatchState added in v3.20.0

type MutatingWebhookConfigurationPatchState struct {
}

func (MutatingWebhookConfigurationPatchState) ElementType added in v3.20.0

type MutatingWebhookConfigurationPatchType added in v3.20.0

type MutatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhookPatch `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationPatchTypeArgs added in v3.20.0

type MutatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeArgs) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput added in v3.20.0

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext added in v3.20.0

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

type MutatingWebhookConfigurationPatchTypeInput added in v3.20.0

type MutatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput
	ToMutatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) MutatingWebhookConfigurationPatchTypeOutput
}

MutatingWebhookConfigurationPatchTypeInput is an input type that accepts MutatingWebhookConfigurationPatchTypeArgs and MutatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchTypeInput` via:

MutatingWebhookConfigurationPatchTypeArgs{...}

type MutatingWebhookConfigurationPatchTypeOutput added in v3.20.0

type MutatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeOutput) ApiVersion added in v3.20.0

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchTypeOutput) ElementType added in v3.20.0

func (MutatingWebhookConfigurationPatchTypeOutput) Kind added in v3.20.0

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchTypeOutput) Metadata added in v3.20.0

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput added in v3.20.0

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext added in v3.20.0

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) Webhooks added in v3.20.0

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationState

type MutatingWebhookConfigurationState struct {
}

func (MutatingWebhookConfigurationState) ElementType

type MutatingWebhookConfigurationType

type MutatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhook `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationTypeArgs

type MutatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeArgs) ElementType

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

type MutatingWebhookConfigurationTypeArray

type MutatingWebhookConfigurationTypeArray []MutatingWebhookConfigurationTypeInput

func (MutatingWebhookConfigurationTypeArray) ElementType

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeArrayInput

type MutatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput
	ToMutatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) MutatingWebhookConfigurationTypeArrayOutput
}

MutatingWebhookConfigurationTypeArrayInput is an input type that accepts MutatingWebhookConfigurationTypeArray and MutatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeArrayInput` via:

MutatingWebhookConfigurationTypeArray{ MutatingWebhookConfigurationTypeArgs{...} }

type MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationTypeArrayOutput) ElementType

func (MutatingWebhookConfigurationTypeArrayOutput) Index

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeInput

type MutatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput
	ToMutatingWebhookConfigurationTypeOutputWithContext(context.Context) MutatingWebhookConfigurationTypeOutput
}

MutatingWebhookConfigurationTypeInput is an input type that accepts MutatingWebhookConfigurationTypeArgs and MutatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeInput` via:

MutatingWebhookConfigurationTypeArgs{...}

type MutatingWebhookConfigurationTypeOutput

type MutatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationTypeOutput) ElementType

func (MutatingWebhookConfigurationTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookInput

type MutatingWebhookInput interface {
	pulumi.Input

	ToMutatingWebhookOutput() MutatingWebhookOutput
	ToMutatingWebhookOutputWithContext(context.Context) MutatingWebhookOutput
}

MutatingWebhookInput is an input type that accepts MutatingWebhookArgs and MutatingWebhookOutput values. You can construct a concrete instance of `MutatingWebhookInput` via:

MutatingWebhookArgs{...}

type MutatingWebhookOutput

type MutatingWebhookOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookOutput) AdmissionReviewVersions

func (o MutatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookOutput) ElementType

func (MutatingWebhookOutput) ElementType() reflect.Type

func (MutatingWebhookOutput) FailurePolicy

func (o MutatingWebhookOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookOutput) MatchConditions added in v3.25.0

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (MutatingWebhookOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookOutput) NamespaceSelector

func (o MutatingWebhookOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ReinvocationPolicy

func (o MutatingWebhookOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookOutput) SideEffects

func (o MutatingWebhookOutput) SideEffects() pulumi.StringOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookOutput) TimeoutSeconds

func (o MutatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookOutput) ToMutatingWebhookOutput

func (o MutatingWebhookOutput) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookOutput) ToMutatingWebhookOutputWithContext

func (o MutatingWebhookOutput) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookPatch added in v3.20.0

type MutatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookPatchArgs added in v3.20.0

type MutatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchArgs) ElementType added in v3.20.0

func (MutatingWebhookPatchArgs) ElementType() reflect.Type

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput added in v3.20.0

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext added in v3.20.0

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type MutatingWebhookPatchArray added in v3.20.0

type MutatingWebhookPatchArray []MutatingWebhookPatchInput

func (MutatingWebhookPatchArray) ElementType added in v3.20.0

func (MutatingWebhookPatchArray) ElementType() reflect.Type

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput added in v3.20.0

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext added in v3.20.0

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchArrayInput added in v3.20.0

type MutatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput
	ToMutatingWebhookPatchArrayOutputWithContext(context.Context) MutatingWebhookPatchArrayOutput
}

MutatingWebhookPatchArrayInput is an input type that accepts MutatingWebhookPatchArray and MutatingWebhookPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookPatchArrayInput` via:

MutatingWebhookPatchArray{ MutatingWebhookPatchArgs{...} }

type MutatingWebhookPatchArrayOutput added in v3.20.0

type MutatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookPatchArrayOutput) ElementType added in v3.20.0

func (MutatingWebhookPatchArrayOutput) Index added in v3.20.0

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput added in v3.20.0

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext added in v3.20.0

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchInput added in v3.20.0

type MutatingWebhookPatchInput interface {
	pulumi.Input

	ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput
	ToMutatingWebhookPatchOutputWithContext(context.Context) MutatingWebhookPatchOutput
}

MutatingWebhookPatchInput is an input type that accepts MutatingWebhookPatchArgs and MutatingWebhookPatchOutput values. You can construct a concrete instance of `MutatingWebhookPatchInput` via:

MutatingWebhookPatchArgs{...}

type MutatingWebhookPatchOutput added in v3.20.0

type MutatingWebhookPatchOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchOutput) AdmissionReviewVersions added in v3.20.0

func (o MutatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookPatchOutput) ClientConfig added in v3.20.0

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookPatchOutput) ElementType added in v3.20.0

func (MutatingWebhookPatchOutput) ElementType() reflect.Type

func (MutatingWebhookPatchOutput) FailurePolicy added in v3.20.0

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookPatchOutput) MatchConditions added in v3.25.0

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (MutatingWebhookPatchOutput) MatchPolicy added in v3.20.0

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookPatchOutput) Name added in v3.20.0

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookPatchOutput) NamespaceSelector added in v3.20.0

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ObjectSelector added in v3.20.0

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ReinvocationPolicy added in v3.20.0

func (o MutatingWebhookPatchOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookPatchOutput) Rules added in v3.20.0

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookPatchOutput) SideEffects added in v3.20.0

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookPatchOutput) TimeoutSeconds added in v3.20.0

func (o MutatingWebhookPatchOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput added in v3.20.0

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext added in v3.20.0

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type RuleWithOperations

type RuleWithOperations struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsArgs

type RuleWithOperationsArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsArgs) ElementType

func (RuleWithOperationsArgs) ElementType() reflect.Type

func (RuleWithOperationsArgs) ToRuleWithOperationsOutput

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsArray

type RuleWithOperationsArray []RuleWithOperationsInput

func (RuleWithOperationsArray) ElementType

func (RuleWithOperationsArray) ElementType() reflect.Type

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutput

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsArrayInput

type RuleWithOperationsArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput
	ToRuleWithOperationsArrayOutputWithContext(context.Context) RuleWithOperationsArrayOutput
}

RuleWithOperationsArrayInput is an input type that accepts RuleWithOperationsArray and RuleWithOperationsArrayOutput values. You can construct a concrete instance of `RuleWithOperationsArrayInput` via:

RuleWithOperationsArray{ RuleWithOperationsArgs{...} }

type RuleWithOperationsArrayOutput

type RuleWithOperationsArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsArrayOutput) ElementType

func (RuleWithOperationsArrayOutput) Index

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsInput

type RuleWithOperationsInput interface {
	pulumi.Input

	ToRuleWithOperationsOutput() RuleWithOperationsOutput
	ToRuleWithOperationsOutputWithContext(context.Context) RuleWithOperationsOutput
}

RuleWithOperationsInput is an input type that accepts RuleWithOperationsArgs and RuleWithOperationsOutput values. You can construct a concrete instance of `RuleWithOperationsInput` via:

RuleWithOperationsArgs{...}

type RuleWithOperationsOutput

type RuleWithOperationsOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsOutput) ApiGroups

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ApiVersions

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ElementType

func (RuleWithOperationsOutput) ElementType() reflect.Type

func (RuleWithOperationsOutput) Operations

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) Resources

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsOutput) Scope

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsOutput) ToRuleWithOperationsOutput

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsPatch added in v3.20.0

type RuleWithOperationsPatch struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsPatchArgs added in v3.20.0

type RuleWithOperationsPatchArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchArgs) ElementType added in v3.20.0

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput added in v3.20.0

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext added in v3.20.0

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type RuleWithOperationsPatchArray added in v3.20.0

type RuleWithOperationsPatchArray []RuleWithOperationsPatchInput

func (RuleWithOperationsPatchArray) ElementType added in v3.20.0

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput added in v3.20.0

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext added in v3.20.0

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchArrayInput added in v3.20.0

type RuleWithOperationsPatchArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput
	ToRuleWithOperationsPatchArrayOutputWithContext(context.Context) RuleWithOperationsPatchArrayOutput
}

RuleWithOperationsPatchArrayInput is an input type that accepts RuleWithOperationsPatchArray and RuleWithOperationsPatchArrayOutput values. You can construct a concrete instance of `RuleWithOperationsPatchArrayInput` via:

RuleWithOperationsPatchArray{ RuleWithOperationsPatchArgs{...} }

type RuleWithOperationsPatchArrayOutput added in v3.20.0

type RuleWithOperationsPatchArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsPatchArrayOutput) ElementType added in v3.20.0

func (RuleWithOperationsPatchArrayOutput) Index added in v3.20.0

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput added in v3.20.0

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext added in v3.20.0

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchInput added in v3.20.0

type RuleWithOperationsPatchInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput
	ToRuleWithOperationsPatchOutputWithContext(context.Context) RuleWithOperationsPatchOutput
}

RuleWithOperationsPatchInput is an input type that accepts RuleWithOperationsPatchArgs and RuleWithOperationsPatchOutput values. You can construct a concrete instance of `RuleWithOperationsPatchInput` via:

RuleWithOperationsPatchArgs{...}

type RuleWithOperationsPatchOutput added in v3.20.0

type RuleWithOperationsPatchOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchOutput) ApiGroups added in v3.20.0

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ApiVersions added in v3.20.0

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ElementType added in v3.20.0

func (RuleWithOperationsPatchOutput) Operations added in v3.20.0

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) Resources added in v3.20.0

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsPatchOutput) Scope added in v3.20.0

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput added in v3.20.0

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext added in v3.20.0

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type ServiceReference

type ServiceReference struct {
	// `name` is the name of the service. Required
	Name string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferenceArgs

type ServiceReferenceArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceArgs) ElementType

func (ServiceReferenceArgs) ElementType() reflect.Type

func (ServiceReferenceArgs) ToServiceReferenceOutput

func (i ServiceReferenceArgs) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferenceOutputWithContext

func (i ServiceReferenceArgs) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutput

func (i ServiceReferenceArgs) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext

func (i ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferenceInput

type ServiceReferenceInput interface {
	pulumi.Input

	ToServiceReferenceOutput() ServiceReferenceOutput
	ToServiceReferenceOutputWithContext(context.Context) ServiceReferenceOutput
}

ServiceReferenceInput is an input type that accepts ServiceReferenceArgs and ServiceReferenceOutput values. You can construct a concrete instance of `ServiceReferenceInput` via:

ServiceReferenceArgs{...}

type ServiceReferenceOutput

type ServiceReferenceOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceOutput) ElementType

func (ServiceReferenceOutput) ElementType() reflect.Type

func (ServiceReferenceOutput) Name

`name` is the name of the service. Required

func (ServiceReferenceOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferenceOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferenceOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferenceOutput) ToServiceReferenceOutput

func (o ServiceReferenceOutput) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferenceOutputWithContext

func (o ServiceReferenceOutput) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutput

func (o ServiceReferenceOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext

func (o ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferencePatch added in v3.20.0

type ServiceReferencePatch struct {
	// `name` is the name of the service. Required
	Name *string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace *string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferencePatchArgs added in v3.20.0

type ServiceReferencePatchArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringPtrInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchArgs) ElementType added in v3.20.0

func (ServiceReferencePatchArgs) ElementType() reflect.Type

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutput added in v3.20.0

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext added in v3.20.0

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput added in v3.20.0

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext added in v3.20.0

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchInput added in v3.20.0

type ServiceReferencePatchInput interface {
	pulumi.Input

	ToServiceReferencePatchOutput() ServiceReferencePatchOutput
	ToServiceReferencePatchOutputWithContext(context.Context) ServiceReferencePatchOutput
}

ServiceReferencePatchInput is an input type that accepts ServiceReferencePatchArgs and ServiceReferencePatchOutput values. You can construct a concrete instance of `ServiceReferencePatchInput` via:

ServiceReferencePatchArgs{...}

type ServiceReferencePatchOutput added in v3.20.0

type ServiceReferencePatchOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchOutput) ElementType added in v3.20.0

func (ServiceReferencePatchOutput) Name added in v3.20.0

`name` is the name of the service. Required

func (ServiceReferencePatchOutput) Namespace added in v3.20.0

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchOutput) Path added in v3.20.0

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchOutput) Port added in v3.20.0

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutput added in v3.20.0

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext added in v3.20.0

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput added in v3.20.0

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext added in v3.20.0

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchPtrInput added in v3.20.0

type ServiceReferencePatchPtrInput interface {
	pulumi.Input

	ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput
	ToServiceReferencePatchPtrOutputWithContext(context.Context) ServiceReferencePatchPtrOutput
}

ServiceReferencePatchPtrInput is an input type that accepts ServiceReferencePatchArgs, ServiceReferencePatchPtr and ServiceReferencePatchPtrOutput values. You can construct a concrete instance of `ServiceReferencePatchPtrInput` via:

        ServiceReferencePatchArgs{...}

or:

        nil

func ServiceReferencePatchPtr added in v3.20.0

func ServiceReferencePatchPtr(v *ServiceReferencePatchArgs) ServiceReferencePatchPtrInput

type ServiceReferencePatchPtrOutput added in v3.20.0

type ServiceReferencePatchPtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePatchPtrOutput) Elem added in v3.20.0

func (ServiceReferencePatchPtrOutput) ElementType added in v3.20.0

func (ServiceReferencePatchPtrOutput) Name added in v3.20.0

`name` is the name of the service. Required

func (ServiceReferencePatchPtrOutput) Namespace added in v3.20.0

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchPtrOutput) Path added in v3.20.0

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchPtrOutput) Port added in v3.20.0

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput added in v3.20.0

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext added in v3.20.0

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePtrInput

type ServiceReferencePtrInput interface {
	pulumi.Input

	ToServiceReferencePtrOutput() ServiceReferencePtrOutput
	ToServiceReferencePtrOutputWithContext(context.Context) ServiceReferencePtrOutput
}

ServiceReferencePtrInput is an input type that accepts ServiceReferenceArgs, ServiceReferencePtr and ServiceReferencePtrOutput values. You can construct a concrete instance of `ServiceReferencePtrInput` via:

        ServiceReferenceArgs{...}

or:

        nil

type ServiceReferencePtrOutput

type ServiceReferencePtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePtrOutput) Elem

func (ServiceReferencePtrOutput) ElementType

func (ServiceReferencePtrOutput) ElementType() reflect.Type

func (ServiceReferencePtrOutput) Name

`name` is the name of the service. Required

func (ServiceReferencePtrOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferencePtrOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePtrOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutput

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ValidatingWebhook

type ValidatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookArgs

type ValidatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookArgs) ElementType

func (ValidatingWebhookArgs) ElementType() reflect.Type

func (ValidatingWebhookArgs) ToValidatingWebhookOutput

func (i ValidatingWebhookArgs) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext

func (i ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookArray

type ValidatingWebhookArray []ValidatingWebhookInput

func (ValidatingWebhookArray) ElementType

func (ValidatingWebhookArray) ElementType() reflect.Type

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutput

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookArrayInput

type ValidatingWebhookArrayInput interface {
	pulumi.Input

	ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput
	ToValidatingWebhookArrayOutputWithContext(context.Context) ValidatingWebhookArrayOutput
}

ValidatingWebhookArrayInput is an input type that accepts ValidatingWebhookArray and ValidatingWebhookArrayOutput values. You can construct a concrete instance of `ValidatingWebhookArrayInput` via:

ValidatingWebhookArray{ ValidatingWebhookArgs{...} }

type ValidatingWebhookArrayOutput

type ValidatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookArrayOutput) ElementType

func (ValidatingWebhookArrayOutput) Index

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookConfiguration

type ValidatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayOutput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfiguration

func GetValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

GetValidatingWebhookConfiguration gets an existing ValidatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfiguration

func NewValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

NewValidatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfiguration) ElementType

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

type ValidatingWebhookConfigurationArgs

type ValidatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfiguration resource.

func (ValidatingWebhookConfigurationArgs) ElementType

type ValidatingWebhookConfigurationArray

type ValidatingWebhookConfigurationArray []ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationArray) ElementType

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationArrayInput

type ValidatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput
	ToValidatingWebhookConfigurationArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationArrayOutput
}

ValidatingWebhookConfigurationArrayInput is an input type that accepts ValidatingWebhookConfigurationArray and ValidatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationArrayInput` via:

ValidatingWebhookConfigurationArray{ ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationArrayOutput) ElementType

func (ValidatingWebhookConfigurationArrayOutput) Index

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationInput

type ValidatingWebhookConfigurationInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput
	ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput
}

type ValidatingWebhookConfigurationList

type ValidatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrOutput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func GetValidatingWebhookConfigurationList

func GetValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

GetValidatingWebhookConfigurationList gets an existing ValidatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationList

func NewValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

NewValidatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationList) ElementType

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListArgs

type ValidatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationList resource.

func (ValidatingWebhookConfigurationListArgs) ElementType

type ValidatingWebhookConfigurationListArray

type ValidatingWebhookConfigurationListArray []ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListArray) ElementType

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListArrayInput

type ValidatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput
	ToValidatingWebhookConfigurationListArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationListArrayOutput
}

ValidatingWebhookConfigurationListArrayInput is an input type that accepts ValidatingWebhookConfigurationListArray and ValidatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListArrayInput` via:

ValidatingWebhookConfigurationListArray{ ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListArrayOutput) ElementType

func (ValidatingWebhookConfigurationListArrayOutput) Index

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListInput

type ValidatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput
	ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput
}

type ValidatingWebhookConfigurationListMap

type ValidatingWebhookConfigurationListMap map[string]ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListMap) ElementType

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListMapInput

type ValidatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput
	ToValidatingWebhookConfigurationListMapOutputWithContext(context.Context) ValidatingWebhookConfigurationListMapOutput
}

ValidatingWebhookConfigurationListMapInput is an input type that accepts ValidatingWebhookConfigurationListMap and ValidatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListMapInput` via:

ValidatingWebhookConfigurationListMap{ "key": ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListMapOutput) ElementType

func (ValidatingWebhookConfigurationListMapOutput) MapIndex

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListOutput) ApiVersion added in v3.19.1

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListOutput) ElementType

func (ValidatingWebhookConfigurationListOutput) Items added in v3.19.1

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListOutput) Kind added in v3.19.1

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) Metadata added in v3.19.1

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListState

type ValidatingWebhookConfigurationListState struct {
}

func (ValidatingWebhookConfigurationListState) ElementType

type ValidatingWebhookConfigurationListType

type ValidatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items []ValidatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

type ValidatingWebhookConfigurationListTypeArgs

type ValidatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeArgs) ElementType

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationListTypeInput

type ValidatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput
	ToValidatingWebhookConfigurationListTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationListTypeOutput
}

ValidatingWebhookConfigurationListTypeInput is an input type that accepts ValidatingWebhookConfigurationListTypeArgs and ValidatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListTypeInput` via:

ValidatingWebhookConfigurationListTypeArgs{...}

type ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListTypeOutput) ElementType

func (ValidatingWebhookConfigurationListTypeOutput) Items

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationMap

type ValidatingWebhookConfigurationMap map[string]ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationMap) ElementType

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationMapInput

type ValidatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput
	ToValidatingWebhookConfigurationMapOutputWithContext(context.Context) ValidatingWebhookConfigurationMapOutput
}

ValidatingWebhookConfigurationMapInput is an input type that accepts ValidatingWebhookConfigurationMap and ValidatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationMapInput` via:

ValidatingWebhookConfigurationMap{ "key": ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationMapOutput) ElementType

func (ValidatingWebhookConfigurationMapOutput) MapIndex

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationOutput

type ValidatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationOutput) ApiVersion added in v3.19.1

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationOutput) ElementType

func (ValidatingWebhookConfigurationOutput) Kind added in v3.19.1

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationOutput) Metadata added in v3.19.1

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) Webhooks added in v3.19.1

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatch added in v3.20.0

type ValidatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfigurationPatch added in v3.20.0

func GetValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

GetValidatingWebhookConfigurationPatch gets an existing ValidatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationPatch added in v3.20.0

func NewValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

NewValidatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationPatch) ElementType added in v3.20.0

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput added in v3.20.0

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext added in v3.20.0

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

type ValidatingWebhookConfigurationPatchArgs added in v3.20.0

type ValidatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationPatch resource.

func (ValidatingWebhookConfigurationPatchArgs) ElementType added in v3.20.0

type ValidatingWebhookConfigurationPatchArray added in v3.20.0

type ValidatingWebhookConfigurationPatchArray []ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchArray) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput added in v3.20.0

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext added in v3.20.0

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchArrayInput added in v3.20.0

type ValidatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput
	ToValidatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchArrayOutput
}

ValidatingWebhookConfigurationPatchArrayInput is an input type that accepts ValidatingWebhookConfigurationPatchArray and ValidatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchArrayInput` via:

ValidatingWebhookConfigurationPatchArray{ ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchArrayOutput added in v3.20.0

type ValidatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchArrayOutput) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchArrayOutput) Index added in v3.20.0

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput added in v3.20.0

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext added in v3.20.0

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchInput added in v3.20.0

type ValidatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput
	ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput
}

type ValidatingWebhookConfigurationPatchMap added in v3.20.0

type ValidatingWebhookConfigurationPatchMap map[string]ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchMap) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput added in v3.20.0

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext added in v3.20.0

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchMapInput added in v3.20.0

type ValidatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput
	ToValidatingWebhookConfigurationPatchMapOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchMapOutput
}

ValidatingWebhookConfigurationPatchMapInput is an input type that accepts ValidatingWebhookConfigurationPatchMap and ValidatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchMapInput` via:

ValidatingWebhookConfigurationPatchMap{ "key": ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchMapOutput added in v3.20.0

type ValidatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchMapOutput) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchMapOutput) MapIndex added in v3.20.0

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput added in v3.20.0

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext added in v3.20.0

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchOutput added in v3.20.0

type ValidatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchOutput) ApiVersion added in v3.20.0

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchOutput) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchOutput) Kind added in v3.20.0

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchOutput) Metadata added in v3.20.0

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput added in v3.20.0

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext added in v3.20.0

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) Webhooks added in v3.20.0

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatchState added in v3.20.0

type ValidatingWebhookConfigurationPatchState struct {
}

func (ValidatingWebhookConfigurationPatchState) ElementType added in v3.20.0

type ValidatingWebhookConfigurationPatchType added in v3.20.0

type ValidatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhookPatch `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationPatchTypeArgs added in v3.20.0

type ValidatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeArgs) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput added in v3.20.0

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext added in v3.20.0

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

type ValidatingWebhookConfigurationPatchTypeInput added in v3.20.0

type ValidatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput
	ToValidatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchTypeOutput
}

ValidatingWebhookConfigurationPatchTypeInput is an input type that accepts ValidatingWebhookConfigurationPatchTypeArgs and ValidatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchTypeInput` via:

ValidatingWebhookConfigurationPatchTypeArgs{...}

type ValidatingWebhookConfigurationPatchTypeOutput added in v3.20.0

type ValidatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeOutput) ApiVersion added in v3.20.0

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchTypeOutput) ElementType added in v3.20.0

func (ValidatingWebhookConfigurationPatchTypeOutput) Kind added in v3.20.0

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchTypeOutput) Metadata added in v3.20.0

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput added in v3.20.0

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext added in v3.20.0

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) Webhooks added in v3.20.0

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationState

type ValidatingWebhookConfigurationState struct {
}

func (ValidatingWebhookConfigurationState) ElementType

type ValidatingWebhookConfigurationType

type ValidatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhook `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationTypeArgs

type ValidatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeArgs) ElementType

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

type ValidatingWebhookConfigurationTypeArray

type ValidatingWebhookConfigurationTypeArray []ValidatingWebhookConfigurationTypeInput

func (ValidatingWebhookConfigurationTypeArray) ElementType

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeArrayInput

type ValidatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput
	ToValidatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeArrayOutput
}

ValidatingWebhookConfigurationTypeArrayInput is an input type that accepts ValidatingWebhookConfigurationTypeArray and ValidatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeArrayInput` via:

ValidatingWebhookConfigurationTypeArray{ ValidatingWebhookConfigurationTypeArgs{...} }

type ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationTypeArrayOutput) ElementType

func (ValidatingWebhookConfigurationTypeArrayOutput) Index

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeInput

type ValidatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput
	ToValidatingWebhookConfigurationTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeOutput
}

ValidatingWebhookConfigurationTypeInput is an input type that accepts ValidatingWebhookConfigurationTypeArgs and ValidatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeInput` via:

ValidatingWebhookConfigurationTypeArgs{...}

type ValidatingWebhookConfigurationTypeOutput

type ValidatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationTypeOutput) ElementType

func (ValidatingWebhookConfigurationTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookInput

type ValidatingWebhookInput interface {
	pulumi.Input

	ToValidatingWebhookOutput() ValidatingWebhookOutput
	ToValidatingWebhookOutputWithContext(context.Context) ValidatingWebhookOutput
}

ValidatingWebhookInput is an input type that accepts ValidatingWebhookArgs and ValidatingWebhookOutput values. You can construct a concrete instance of `ValidatingWebhookInput` via:

ValidatingWebhookArgs{...}

type ValidatingWebhookOutput

type ValidatingWebhookOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookOutput) AdmissionReviewVersions

func (o ValidatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookOutput) ElementType

func (ValidatingWebhookOutput) ElementType() reflect.Type

func (ValidatingWebhookOutput) FailurePolicy

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookOutput) MatchConditions added in v3.25.0

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (ValidatingWebhookOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookOutput) NamespaceSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookOutput) SideEffects

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookOutput) TimeoutSeconds

func (o ValidatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookOutput) ToValidatingWebhookOutput

func (o ValidatingWebhookOutput) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext

func (o ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookPatch added in v3.20.0

type ValidatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookPatchArgs added in v3.20.0

type ValidatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchArgs) ElementType added in v3.20.0

func (ValidatingWebhookPatchArgs) ElementType() reflect.Type

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput added in v3.20.0

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext added in v3.20.0

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type ValidatingWebhookPatchArray added in v3.20.0

type ValidatingWebhookPatchArray []ValidatingWebhookPatchInput

func (ValidatingWebhookPatchArray) ElementType added in v3.20.0

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput added in v3.20.0

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext added in v3.20.0

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchArrayInput added in v3.20.0

type ValidatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput
	ToValidatingWebhookPatchArrayOutputWithContext(context.Context) ValidatingWebhookPatchArrayOutput
}

ValidatingWebhookPatchArrayInput is an input type that accepts ValidatingWebhookPatchArray and ValidatingWebhookPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookPatchArrayInput` via:

ValidatingWebhookPatchArray{ ValidatingWebhookPatchArgs{...} }

type ValidatingWebhookPatchArrayOutput added in v3.20.0

type ValidatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookPatchArrayOutput) ElementType added in v3.20.0

func (ValidatingWebhookPatchArrayOutput) Index added in v3.20.0

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput added in v3.20.0

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext added in v3.20.0

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchInput added in v3.20.0

type ValidatingWebhookPatchInput interface {
	pulumi.Input

	ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput
	ToValidatingWebhookPatchOutputWithContext(context.Context) ValidatingWebhookPatchOutput
}

ValidatingWebhookPatchInput is an input type that accepts ValidatingWebhookPatchArgs and ValidatingWebhookPatchOutput values. You can construct a concrete instance of `ValidatingWebhookPatchInput` via:

ValidatingWebhookPatchArgs{...}

type ValidatingWebhookPatchOutput added in v3.20.0

type ValidatingWebhookPatchOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchOutput) AdmissionReviewVersions added in v3.20.0

func (o ValidatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookPatchOutput) ClientConfig added in v3.20.0

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookPatchOutput) ElementType added in v3.20.0

func (ValidatingWebhookPatchOutput) FailurePolicy added in v3.20.0

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookPatchOutput) MatchConditions added in v3.25.0

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (ValidatingWebhookPatchOutput) MatchPolicy added in v3.20.0

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookPatchOutput) Name added in v3.20.0

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookPatchOutput) NamespaceSelector added in v3.20.0

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) ObjectSelector added in v3.20.0

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) Rules added in v3.20.0

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookPatchOutput) SideEffects added in v3.20.0

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookPatchOutput) TimeoutSeconds added in v3.20.0

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput added in v3.20.0

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext added in v3.20.0

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type WebhookClientConfig

type WebhookClientConfig struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReference `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigArgs

type WebhookClientConfigArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigArgs) ElementType

func (WebhookClientConfigArgs) ElementType() reflect.Type

func (WebhookClientConfigArgs) ToWebhookClientConfigOutput

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

type WebhookClientConfigInput

type WebhookClientConfigInput interface {
	pulumi.Input

	ToWebhookClientConfigOutput() WebhookClientConfigOutput
	ToWebhookClientConfigOutputWithContext(context.Context) WebhookClientConfigOutput
}

WebhookClientConfigInput is an input type that accepts WebhookClientConfigArgs and WebhookClientConfigOutput values. You can construct a concrete instance of `WebhookClientConfigInput` via:

WebhookClientConfigArgs{...}

type WebhookClientConfigOutput

type WebhookClientConfigOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigOutput) CaBundle

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigOutput) ElementType

func (WebhookClientConfigOutput) ElementType() reflect.Type

func (WebhookClientConfigOutput) Service

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigOutput) ToWebhookClientConfigOutput

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

func (WebhookClientConfigOutput) Url

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatch added in v3.20.0

type WebhookClientConfigPatch struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReferencePatch `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigPatchArgs added in v3.20.0

type WebhookClientConfigPatchArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePatchPtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchArgs) ElementType added in v3.20.0

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput added in v3.20.0

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext added in v3.20.0

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput added in v3.20.0

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext added in v3.20.0

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

type WebhookClientConfigPatchInput added in v3.20.0

type WebhookClientConfigPatchInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput
	ToWebhookClientConfigPatchOutputWithContext(context.Context) WebhookClientConfigPatchOutput
}

WebhookClientConfigPatchInput is an input type that accepts WebhookClientConfigPatchArgs and WebhookClientConfigPatchOutput values. You can construct a concrete instance of `WebhookClientConfigPatchInput` via:

WebhookClientConfigPatchArgs{...}

type WebhookClientConfigPatchOutput added in v3.20.0

type WebhookClientConfigPatchOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchOutput) CaBundle added in v3.20.0

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchOutput) ElementType added in v3.20.0

func (WebhookClientConfigPatchOutput) Service added in v3.20.0

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput added in v3.20.0

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext added in v3.20.0

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput added in v3.20.0

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext added in v3.20.0

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) Url added in v3.20.0

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatchPtrInput added in v3.20.0

type WebhookClientConfigPatchPtrInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput
	ToWebhookClientConfigPatchPtrOutputWithContext(context.Context) WebhookClientConfigPatchPtrOutput
}

WebhookClientConfigPatchPtrInput is an input type that accepts WebhookClientConfigPatchArgs, WebhookClientConfigPatchPtr and WebhookClientConfigPatchPtrOutput values. You can construct a concrete instance of `WebhookClientConfigPatchPtrInput` via:

        WebhookClientConfigPatchArgs{...}

or:

        nil

func WebhookClientConfigPatchPtr added in v3.20.0

func WebhookClientConfigPatchPtr(v *WebhookClientConfigPatchArgs) WebhookClientConfigPatchPtrInput

type WebhookClientConfigPatchPtrOutput added in v3.20.0

type WebhookClientConfigPatchPtrOutput struct{ *pulumi.OutputState }

func (WebhookClientConfigPatchPtrOutput) CaBundle added in v3.20.0

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchPtrOutput) Elem added in v3.20.0

func (WebhookClientConfigPatchPtrOutput) ElementType added in v3.20.0

func (WebhookClientConfigPatchPtrOutput) Service added in v3.20.0

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput added in v3.20.0

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext added in v3.20.0

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) Url added in v3.20.0

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL