v1

package
v4.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 19, 2023 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type MatchCondition

type MatchCondition struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionArgs

type MatchConditionArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionArgs) ElementType

func (MatchConditionArgs) ElementType() reflect.Type

func (MatchConditionArgs) ToMatchConditionOutput

func (i MatchConditionArgs) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionArgs) ToMatchConditionOutputWithContext

func (i MatchConditionArgs) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionArray

type MatchConditionArray []MatchConditionInput

func (MatchConditionArray) ElementType

func (MatchConditionArray) ElementType() reflect.Type

func (MatchConditionArray) ToMatchConditionArrayOutput

func (i MatchConditionArray) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArray) ToMatchConditionArrayOutputWithContext

func (i MatchConditionArray) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionArrayInput

type MatchConditionArrayInput interface {
	pulumi.Input

	ToMatchConditionArrayOutput() MatchConditionArrayOutput
	ToMatchConditionArrayOutputWithContext(context.Context) MatchConditionArrayOutput
}

MatchConditionArrayInput is an input type that accepts MatchConditionArray and MatchConditionArrayOutput values. You can construct a concrete instance of `MatchConditionArrayInput` via:

MatchConditionArray{ MatchConditionArgs{...} }

type MatchConditionArrayOutput

type MatchConditionArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionArrayOutput) ElementType

func (MatchConditionArrayOutput) ElementType() reflect.Type

func (MatchConditionArrayOutput) Index

func (MatchConditionArrayOutput) ToMatchConditionArrayOutput

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutput() MatchConditionArrayOutput

func (MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext

func (o MatchConditionArrayOutput) ToMatchConditionArrayOutputWithContext(ctx context.Context) MatchConditionArrayOutput

type MatchConditionInput

type MatchConditionInput interface {
	pulumi.Input

	ToMatchConditionOutput() MatchConditionOutput
	ToMatchConditionOutputWithContext(context.Context) MatchConditionOutput
}

MatchConditionInput is an input type that accepts MatchConditionArgs and MatchConditionOutput values. You can construct a concrete instance of `MatchConditionInput` via:

MatchConditionArgs{...}

type MatchConditionOutput

type MatchConditionOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionOutput) ElementType

func (MatchConditionOutput) ElementType() reflect.Type

func (MatchConditionOutput) Expression

func (o MatchConditionOutput) Expression() pulumi.StringOutput

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionOutput) Name

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionOutput) ToMatchConditionOutput

func (o MatchConditionOutput) ToMatchConditionOutput() MatchConditionOutput

func (MatchConditionOutput) ToMatchConditionOutputWithContext

func (o MatchConditionOutput) ToMatchConditionOutputWithContext(ctx context.Context) MatchConditionOutput

type MatchConditionPatch

type MatchConditionPatch struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression *string `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name *string `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

type MatchConditionPatchArgs

type MatchConditionPatchArgs struct {
	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
	//
	// 'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
	//   request resource.
	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
	//
	// Required.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
	//
	// Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
}

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchArgs) ElementType

func (MatchConditionPatchArgs) ElementType() reflect.Type

func (MatchConditionPatchArgs) ToMatchConditionPatchOutput

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext

func (i MatchConditionPatchArgs) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MatchConditionPatchArray

type MatchConditionPatchArray []MatchConditionPatchInput

func (MatchConditionPatchArray) ElementType

func (MatchConditionPatchArray) ElementType() reflect.Type

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutput

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext

func (i MatchConditionPatchArray) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchArrayInput

type MatchConditionPatchArrayInput interface {
	pulumi.Input

	ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput
	ToMatchConditionPatchArrayOutputWithContext(context.Context) MatchConditionPatchArrayOutput
}

MatchConditionPatchArrayInput is an input type that accepts MatchConditionPatchArray and MatchConditionPatchArrayOutput values. You can construct a concrete instance of `MatchConditionPatchArrayInput` via:

MatchConditionPatchArray{ MatchConditionPatchArgs{...} }

type MatchConditionPatchArrayOutput

type MatchConditionPatchArrayOutput struct{ *pulumi.OutputState }

func (MatchConditionPatchArrayOutput) ElementType

func (MatchConditionPatchArrayOutput) Index

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutput() MatchConditionPatchArrayOutput

func (MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext

func (o MatchConditionPatchArrayOutput) ToMatchConditionPatchArrayOutputWithContext(ctx context.Context) MatchConditionPatchArrayOutput

type MatchConditionPatchInput

type MatchConditionPatchInput interface {
	pulumi.Input

	ToMatchConditionPatchOutput() MatchConditionPatchOutput
	ToMatchConditionPatchOutputWithContext(context.Context) MatchConditionPatchOutput
}

MatchConditionPatchInput is an input type that accepts MatchConditionPatchArgs and MatchConditionPatchOutput values. You can construct a concrete instance of `MatchConditionPatchInput` via:

MatchConditionPatchArgs{...}

type MatchConditionPatchOutput

type MatchConditionPatchOutput struct{ *pulumi.OutputState }

MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.

func (MatchConditionPatchOutput) ElementType

func (MatchConditionPatchOutput) ElementType() reflect.Type

func (MatchConditionPatchOutput) Expression

Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:

'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.

See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz

'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the

request resource.

Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/

Required.

func (MatchConditionPatchOutput) Name

Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

Required.

func (MatchConditionPatchOutput) ToMatchConditionPatchOutput

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutput() MatchConditionPatchOutput

func (MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext

func (o MatchConditionPatchOutput) ToMatchConditionPatchOutputWithContext(ctx context.Context) MatchConditionPatchOutput

type MutatingWebhook

type MutatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookArgs

type MutatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookArgs) ElementType

func (MutatingWebhookArgs) ElementType() reflect.Type

func (MutatingWebhookArgs) ToMutatingWebhookOutput

func (i MutatingWebhookArgs) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookArgs) ToMutatingWebhookOutputWithContext

func (i MutatingWebhookArgs) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookArray

type MutatingWebhookArray []MutatingWebhookInput

func (MutatingWebhookArray) ElementType

func (MutatingWebhookArray) ElementType() reflect.Type

func (MutatingWebhookArray) ToMutatingWebhookArrayOutput

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext

func (i MutatingWebhookArray) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookArrayInput

type MutatingWebhookArrayInput interface {
	pulumi.Input

	ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput
	ToMutatingWebhookArrayOutputWithContext(context.Context) MutatingWebhookArrayOutput
}

MutatingWebhookArrayInput is an input type that accepts MutatingWebhookArray and MutatingWebhookArrayOutput values. You can construct a concrete instance of `MutatingWebhookArrayInput` via:

MutatingWebhookArray{ MutatingWebhookArgs{...} }

type MutatingWebhookArrayOutput

type MutatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookArrayOutput) ElementType

func (MutatingWebhookArrayOutput) ElementType() reflect.Type

func (MutatingWebhookArrayOutput) Index

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutput() MutatingWebhookArrayOutput

func (MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext

func (o MutatingWebhookArrayOutput) ToMutatingWebhookArrayOutputWithContext(ctx context.Context) MutatingWebhookArrayOutput

type MutatingWebhookConfiguration

type MutatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayOutput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfiguration

func GetMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

GetMutatingWebhookConfiguration gets an existing MutatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfiguration

func NewMutatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfiguration, error)

NewMutatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfiguration) ElementType

func (*MutatingWebhookConfiguration) ElementType() reflect.Type

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (*MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext

func (i *MutatingWebhookConfiguration) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

type MutatingWebhookConfigurationArgs

type MutatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput
}

The set of arguments for constructing a MutatingWebhookConfiguration resource.

func (MutatingWebhookConfigurationArgs) ElementType

type MutatingWebhookConfigurationArray

type MutatingWebhookConfigurationArray []MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationArray) ElementType

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext

func (i MutatingWebhookConfigurationArray) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationArrayInput

type MutatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput
	ToMutatingWebhookConfigurationArrayOutputWithContext(context.Context) MutatingWebhookConfigurationArrayOutput
}

MutatingWebhookConfigurationArrayInput is an input type that accepts MutatingWebhookConfigurationArray and MutatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationArrayInput` via:

MutatingWebhookConfigurationArray{ MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationArrayOutput) ElementType

func (MutatingWebhookConfigurationArrayOutput) Index

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutput() MutatingWebhookConfigurationArrayOutput

func (MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext

func (o MutatingWebhookConfigurationArrayOutput) ToMutatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationArrayOutput

type MutatingWebhookConfigurationInput

type MutatingWebhookConfigurationInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput
	ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput
}

type MutatingWebhookConfigurationList

type MutatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func GetMutatingWebhookConfigurationList

func GetMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

GetMutatingWebhookConfigurationList gets an existing MutatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationList

func NewMutatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationList, error)

NewMutatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationList) ElementType

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (*MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext

func (i *MutatingWebhookConfigurationList) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListArgs

type MutatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a MutatingWebhookConfigurationList resource.

func (MutatingWebhookConfigurationListArgs) ElementType

type MutatingWebhookConfigurationListArray

type MutatingWebhookConfigurationListArray []MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListArray) ElementType

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext

func (i MutatingWebhookConfigurationListArray) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListArrayInput

type MutatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput
	ToMutatingWebhookConfigurationListArrayOutputWithContext(context.Context) MutatingWebhookConfigurationListArrayOutput
}

MutatingWebhookConfigurationListArrayInput is an input type that accepts MutatingWebhookConfigurationListArray and MutatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListArrayInput` via:

MutatingWebhookConfigurationListArray{ MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListArrayOutput) ElementType

func (MutatingWebhookConfigurationListArrayOutput) Index

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutput() MutatingWebhookConfigurationListArrayOutput

func (MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext

func (o MutatingWebhookConfigurationListArrayOutput) ToMutatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListArrayOutput

type MutatingWebhookConfigurationListInput

type MutatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput
	ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput
}

type MutatingWebhookConfigurationListMap

type MutatingWebhookConfigurationListMap map[string]MutatingWebhookConfigurationListInput

func (MutatingWebhookConfigurationListMap) ElementType

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext

func (i MutatingWebhookConfigurationListMap) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListMapInput

type MutatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput
	ToMutatingWebhookConfigurationListMapOutputWithContext(context.Context) MutatingWebhookConfigurationListMapOutput
}

MutatingWebhookConfigurationListMapInput is an input type that accepts MutatingWebhookConfigurationListMap and MutatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListMapInput` via:

MutatingWebhookConfigurationListMap{ "key": MutatingWebhookConfigurationListArgs{...} }

type MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListMapOutput) ElementType

func (MutatingWebhookConfigurationListMapOutput) MapIndex

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutput() MutatingWebhookConfigurationListMapOutput

func (MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext

func (o MutatingWebhookConfigurationListMapOutput) ToMutatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListMapOutput

type MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationListOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListOutput) ElementType

func (MutatingWebhookConfigurationListOutput) Items

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutput() MutatingWebhookConfigurationListOutput

func (MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext

func (o MutatingWebhookConfigurationListOutput) ToMutatingWebhookConfigurationListOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListOutput

type MutatingWebhookConfigurationListState

type MutatingWebhookConfigurationListState struct {
}

func (MutatingWebhookConfigurationListState) ElementType

type MutatingWebhookConfigurationListType

type MutatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items []MutatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

type MutatingWebhookConfigurationListTypeArgs

type MutatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of MutatingWebhookConfiguration.
	Items MutatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeArgs) ElementType

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext

func (i MutatingWebhookConfigurationListTypeArgs) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationListTypeInput

type MutatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput
	ToMutatingWebhookConfigurationListTypeOutputWithContext(context.Context) MutatingWebhookConfigurationListTypeOutput
}

MutatingWebhookConfigurationListTypeInput is an input type that accepts MutatingWebhookConfigurationListTypeArgs and MutatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationListTypeInput` via:

MutatingWebhookConfigurationListTypeArgs{...}

type MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationListTypeOutput) ElementType

func (MutatingWebhookConfigurationListTypeOutput) Items

List of MutatingWebhookConfiguration.

func (MutatingWebhookConfigurationListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutput() MutatingWebhookConfigurationListTypeOutput

func (MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext

func (o MutatingWebhookConfigurationListTypeOutput) ToMutatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationListTypeOutput

type MutatingWebhookConfigurationMap

type MutatingWebhookConfigurationMap map[string]MutatingWebhookConfigurationInput

func (MutatingWebhookConfigurationMap) ElementType

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext

func (i MutatingWebhookConfigurationMap) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationMapInput

type MutatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput
	ToMutatingWebhookConfigurationMapOutputWithContext(context.Context) MutatingWebhookConfigurationMapOutput
}

MutatingWebhookConfigurationMapInput is an input type that accepts MutatingWebhookConfigurationMap and MutatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationMapInput` via:

MutatingWebhookConfigurationMap{ "key": MutatingWebhookConfigurationArgs{...} }

type MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationMapOutput) ElementType

func (MutatingWebhookConfigurationMapOutput) MapIndex

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutput() MutatingWebhookConfigurationMapOutput

func (MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext

func (o MutatingWebhookConfigurationMapOutput) ToMutatingWebhookConfigurationMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationMapOutput

type MutatingWebhookConfigurationOutput

type MutatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationOutput) ElementType

func (MutatingWebhookConfigurationOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutput() MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext

func (o MutatingWebhookConfigurationOutput) ToMutatingWebhookConfigurationOutputWithContext(ctx context.Context) MutatingWebhookConfigurationOutput

func (MutatingWebhookConfigurationOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatch

type MutatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func GetMutatingWebhookConfigurationPatch

func GetMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *MutatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

GetMutatingWebhookConfigurationPatch gets an existing MutatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewMutatingWebhookConfigurationPatch

func NewMutatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *MutatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*MutatingWebhookConfigurationPatch, error)

NewMutatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*MutatingWebhookConfigurationPatch) ElementType

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (*MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext

func (i *MutatingWebhookConfigurationPatch) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

type MutatingWebhookConfigurationPatchArgs

type MutatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput
}

The set of arguments for constructing a MutatingWebhookConfigurationPatch resource.

func (MutatingWebhookConfigurationPatchArgs) ElementType

type MutatingWebhookConfigurationPatchArray

type MutatingWebhookConfigurationPatchArray []MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchArray) ElementType

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext

func (i MutatingWebhookConfigurationPatchArray) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchArrayInput

type MutatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput
	ToMutatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) MutatingWebhookConfigurationPatchArrayOutput
}

MutatingWebhookConfigurationPatchArrayInput is an input type that accepts MutatingWebhookConfigurationPatchArray and MutatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchArrayInput` via:

MutatingWebhookConfigurationPatchArray{ MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchArrayOutput) ElementType

func (MutatingWebhookConfigurationPatchArrayOutput) Index

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutput() MutatingWebhookConfigurationPatchArrayOutput

func (MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext

func (o MutatingWebhookConfigurationPatchArrayOutput) ToMutatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchArrayOutput

type MutatingWebhookConfigurationPatchInput

type MutatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput
	ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput
}

type MutatingWebhookConfigurationPatchMap

type MutatingWebhookConfigurationPatchMap map[string]MutatingWebhookConfigurationPatchInput

func (MutatingWebhookConfigurationPatchMap) ElementType

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext

func (i MutatingWebhookConfigurationPatchMap) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchMapInput

type MutatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput
	ToMutatingWebhookConfigurationPatchMapOutputWithContext(context.Context) MutatingWebhookConfigurationPatchMapOutput
}

MutatingWebhookConfigurationPatchMapInput is an input type that accepts MutatingWebhookConfigurationPatchMap and MutatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchMapInput` via:

MutatingWebhookConfigurationPatchMap{ "key": MutatingWebhookConfigurationPatchArgs{...} }

type MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchMapOutput) ElementType

func (MutatingWebhookConfigurationPatchMapOutput) MapIndex

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutput() MutatingWebhookConfigurationPatchMapOutput

func (MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext

func (o MutatingWebhookConfigurationPatchMapOutput) ToMutatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchMapOutput

type MutatingWebhookConfigurationPatchOutput

type MutatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationPatchOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchOutput) ElementType

func (MutatingWebhookConfigurationPatchOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutput() MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext

func (o MutatingWebhookConfigurationPatchOutput) ToMutatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchOutput

func (MutatingWebhookConfigurationPatchOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationPatchState

type MutatingWebhookConfigurationPatchState struct {
}

func (MutatingWebhookConfigurationPatchState) ElementType

type MutatingWebhookConfigurationPatchType

type MutatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhookPatch `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationPatchTypeArgs

type MutatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeArgs) ElementType

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext

func (i MutatingWebhookConfigurationPatchTypeArgs) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

type MutatingWebhookConfigurationPatchTypeInput

type MutatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput
	ToMutatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) MutatingWebhookConfigurationPatchTypeOutput
}

MutatingWebhookConfigurationPatchTypeInput is an input type that accepts MutatingWebhookConfigurationPatchTypeArgs and MutatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationPatchTypeInput` via:

MutatingWebhookConfigurationPatchTypeArgs{...}

type MutatingWebhookConfigurationPatchTypeOutput

type MutatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationPatchTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationPatchTypeOutput) ElementType

func (MutatingWebhookConfigurationPatchTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutput() MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext

func (o MutatingWebhookConfigurationPatchTypeOutput) ToMutatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationPatchTypeOutput

func (MutatingWebhookConfigurationPatchTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookConfigurationState

type MutatingWebhookConfigurationState struct {
}

func (MutatingWebhookConfigurationState) ElementType

type MutatingWebhookConfigurationType

type MutatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []MutatingWebhook `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

type MutatingWebhookConfigurationTypeArgs

type MutatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks MutatingWebhookArrayInput `pulumi:"webhooks"`
}

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeArgs) ElementType

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext

func (i MutatingWebhookConfigurationTypeArgs) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

type MutatingWebhookConfigurationTypeArray

type MutatingWebhookConfigurationTypeArray []MutatingWebhookConfigurationTypeInput

func (MutatingWebhookConfigurationTypeArray) ElementType

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext

func (i MutatingWebhookConfigurationTypeArray) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeArrayInput

type MutatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput
	ToMutatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) MutatingWebhookConfigurationTypeArrayOutput
}

MutatingWebhookConfigurationTypeArrayInput is an input type that accepts MutatingWebhookConfigurationTypeArray and MutatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeArrayInput` via:

MutatingWebhookConfigurationTypeArray{ MutatingWebhookConfigurationTypeArgs{...} }

type MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookConfigurationTypeArrayOutput) ElementType

func (MutatingWebhookConfigurationTypeArrayOutput) Index

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutput() MutatingWebhookConfigurationTypeArrayOutput

func (MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext

func (o MutatingWebhookConfigurationTypeArrayOutput) ToMutatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeArrayOutput

type MutatingWebhookConfigurationTypeInput

type MutatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput
	ToMutatingWebhookConfigurationTypeOutputWithContext(context.Context) MutatingWebhookConfigurationTypeOutput
}

MutatingWebhookConfigurationTypeInput is an input type that accepts MutatingWebhookConfigurationTypeArgs and MutatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `MutatingWebhookConfigurationTypeInput` via:

MutatingWebhookConfigurationTypeArgs{...}

type MutatingWebhookConfigurationTypeOutput

type MutatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.

func (MutatingWebhookConfigurationTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (MutatingWebhookConfigurationTypeOutput) ElementType

func (MutatingWebhookConfigurationTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (MutatingWebhookConfigurationTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutput() MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext

func (o MutatingWebhookConfigurationTypeOutput) ToMutatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) MutatingWebhookConfigurationTypeOutput

func (MutatingWebhookConfigurationTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type MutatingWebhookInput

type MutatingWebhookInput interface {
	pulumi.Input

	ToMutatingWebhookOutput() MutatingWebhookOutput
	ToMutatingWebhookOutputWithContext(context.Context) MutatingWebhookOutput
}

MutatingWebhookInput is an input type that accepts MutatingWebhookArgs and MutatingWebhookOutput values. You can construct a concrete instance of `MutatingWebhookInput` via:

MutatingWebhookArgs{...}

type MutatingWebhookOutput

type MutatingWebhookOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookOutput) AdmissionReviewVersions

func (o MutatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookOutput) ElementType

func (MutatingWebhookOutput) ElementType() reflect.Type

func (MutatingWebhookOutput) FailurePolicy

func (o MutatingWebhookOutput) FailurePolicy() pulumi.StringPtrOutput

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (MutatingWebhookOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookOutput) NamespaceSelector

func (o MutatingWebhookOutput) NamespaceSelector() metav1.LabelSelectorPtrOutput

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookOutput) ReinvocationPolicy

func (o MutatingWebhookOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookOutput) SideEffects

func (o MutatingWebhookOutput) SideEffects() pulumi.StringOutput

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookOutput) TimeoutSeconds

func (o MutatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookOutput) ToMutatingWebhookOutput

func (o MutatingWebhookOutput) ToMutatingWebhookOutput() MutatingWebhookOutput

func (MutatingWebhookOutput) ToMutatingWebhookOutputWithContext

func (o MutatingWebhookOutput) ToMutatingWebhookOutputWithContext(ctx context.Context) MutatingWebhookOutput

type MutatingWebhookPatch

type MutatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy *string `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

type MutatingWebhookPatchArgs

type MutatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".
	//
	// Never: the webhook will not be called more than once in a single admission evaluation.
	//
	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
	//
	// Defaults to "Never".
	ReinvocationPolicy pulumi.StringPtrInput `pulumi:"reinvocationPolicy"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchArgs) ElementType

func (MutatingWebhookPatchArgs) ElementType() reflect.Type

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext

func (i MutatingWebhookPatchArgs) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type MutatingWebhookPatchArray

type MutatingWebhookPatchArray []MutatingWebhookPatchInput

func (MutatingWebhookPatchArray) ElementType

func (MutatingWebhookPatchArray) ElementType() reflect.Type

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext

func (i MutatingWebhookPatchArray) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchArrayInput

type MutatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput
	ToMutatingWebhookPatchArrayOutputWithContext(context.Context) MutatingWebhookPatchArrayOutput
}

MutatingWebhookPatchArrayInput is an input type that accepts MutatingWebhookPatchArray and MutatingWebhookPatchArrayOutput values. You can construct a concrete instance of `MutatingWebhookPatchArrayInput` via:

MutatingWebhookPatchArray{ MutatingWebhookPatchArgs{...} }

type MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (MutatingWebhookPatchArrayOutput) ElementType

func (MutatingWebhookPatchArrayOutput) Index

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutput() MutatingWebhookPatchArrayOutput

func (MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext

func (o MutatingWebhookPatchArrayOutput) ToMutatingWebhookPatchArrayOutputWithContext(ctx context.Context) MutatingWebhookPatchArrayOutput

type MutatingWebhookPatchInput

type MutatingWebhookPatchInput interface {
	pulumi.Input

	ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput
	ToMutatingWebhookPatchOutputWithContext(context.Context) MutatingWebhookPatchOutput
}

MutatingWebhookPatchInput is an input type that accepts MutatingWebhookPatchArgs and MutatingWebhookPatchOutput values. You can construct a concrete instance of `MutatingWebhookPatchInput` via:

MutatingWebhookPatchArgs{...}

type MutatingWebhookPatchOutput

type MutatingWebhookPatchOutput struct{ *pulumi.OutputState }

MutatingWebhook describes an admission webhook and the resources and operations it applies to.

func (MutatingWebhookPatchOutput) AdmissionReviewVersions

func (o MutatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (MutatingWebhookPatchOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (MutatingWebhookPatchOutput) ElementType

func (MutatingWebhookPatchOutput) ElementType() reflect.Type

func (MutatingWebhookPatchOutput) FailurePolicy

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (MutatingWebhookPatchOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (MutatingWebhookPatchOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (MutatingWebhookPatchOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (MutatingWebhookPatchOutput) NamespaceSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (MutatingWebhookPatchOutput) ReinvocationPolicy

func (o MutatingWebhookPatchOutput) ReinvocationPolicy() pulumi.StringPtrOutput

reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are "Never" and "IfNeeded".

Never: the webhook will not be called more than once in a single admission evaluation.

IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.

Defaults to "Never".

func (MutatingWebhookPatchOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (MutatingWebhookPatchOutput) SideEffects

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (MutatingWebhookPatchOutput) TimeoutSeconds

func (o MutatingWebhookPatchOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutput() MutatingWebhookPatchOutput

func (MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext

func (o MutatingWebhookPatchOutput) ToMutatingWebhookPatchOutputWithContext(ctx context.Context) MutatingWebhookPatchOutput

type RuleWithOperations

type RuleWithOperations struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsArgs

type RuleWithOperationsArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsArgs) ElementType

func (RuleWithOperationsArgs) ElementType() reflect.Type

func (RuleWithOperationsArgs) ToRuleWithOperationsOutput

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext

func (i RuleWithOperationsArgs) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsArray

type RuleWithOperationsArray []RuleWithOperationsInput

func (RuleWithOperationsArray) ElementType

func (RuleWithOperationsArray) ElementType() reflect.Type

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutput

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext

func (i RuleWithOperationsArray) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsArrayInput

type RuleWithOperationsArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput
	ToRuleWithOperationsArrayOutputWithContext(context.Context) RuleWithOperationsArrayOutput
}

RuleWithOperationsArrayInput is an input type that accepts RuleWithOperationsArray and RuleWithOperationsArrayOutput values. You can construct a concrete instance of `RuleWithOperationsArrayInput` via:

RuleWithOperationsArray{ RuleWithOperationsArgs{...} }

type RuleWithOperationsArrayOutput

type RuleWithOperationsArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsArrayOutput) ElementType

func (RuleWithOperationsArrayOutput) Index

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutput() RuleWithOperationsArrayOutput

func (RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext

func (o RuleWithOperationsArrayOutput) ToRuleWithOperationsArrayOutputWithContext(ctx context.Context) RuleWithOperationsArrayOutput

type RuleWithOperationsInput

type RuleWithOperationsInput interface {
	pulumi.Input

	ToRuleWithOperationsOutput() RuleWithOperationsOutput
	ToRuleWithOperationsOutputWithContext(context.Context) RuleWithOperationsOutput
}

RuleWithOperationsInput is an input type that accepts RuleWithOperationsArgs and RuleWithOperationsOutput values. You can construct a concrete instance of `RuleWithOperationsInput` via:

RuleWithOperationsArgs{...}

type RuleWithOperationsOutput

type RuleWithOperationsOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsOutput) ApiGroups

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ApiVersions

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) ElementType

func (RuleWithOperationsOutput) ElementType() reflect.Type

func (RuleWithOperationsOutput) Operations

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsOutput) Resources

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsOutput) Scope

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsOutput) ToRuleWithOperationsOutput

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutput() RuleWithOperationsOutput

func (RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext

func (o RuleWithOperationsOutput) ToRuleWithOperationsOutputWithContext(ctx context.Context) RuleWithOperationsOutput

type RuleWithOperationsPatch

type RuleWithOperationsPatch struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups []string `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions []string `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations []string `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources []string `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope *string `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

type RuleWithOperationsPatchArgs

type RuleWithOperationsPatchArgs struct {
	// APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
	ApiGroups pulumi.StringArrayInput `pulumi:"apiGroups"`
	// APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.
	ApiVersions pulumi.StringArrayInput `pulumi:"apiVersions"`
	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.
	Operations pulumi.StringArrayInput `pulumi:"operations"`
	// Resources is a list of resources this rule applies to.
	//
	// For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.
	//
	// If wildcard is present, the validation rule will ensure resources do not overlap with each other.
	//
	// Depending on the enclosing object, subresources might not be allowed. Required.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".
	Scope pulumi.StringPtrInput `pulumi:"scope"`
}

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchArgs) ElementType

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext

func (i RuleWithOperationsPatchArgs) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type RuleWithOperationsPatchArray

type RuleWithOperationsPatchArray []RuleWithOperationsPatchInput

func (RuleWithOperationsPatchArray) ElementType

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext

func (i RuleWithOperationsPatchArray) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchArrayInput

type RuleWithOperationsPatchArrayInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput
	ToRuleWithOperationsPatchArrayOutputWithContext(context.Context) RuleWithOperationsPatchArrayOutput
}

RuleWithOperationsPatchArrayInput is an input type that accepts RuleWithOperationsPatchArray and RuleWithOperationsPatchArrayOutput values. You can construct a concrete instance of `RuleWithOperationsPatchArrayInput` via:

RuleWithOperationsPatchArray{ RuleWithOperationsPatchArgs{...} }

type RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchArrayOutput struct{ *pulumi.OutputState }

func (RuleWithOperationsPatchArrayOutput) ElementType

func (RuleWithOperationsPatchArrayOutput) Index

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutput() RuleWithOperationsPatchArrayOutput

func (RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext

func (o RuleWithOperationsPatchArrayOutput) ToRuleWithOperationsPatchArrayOutputWithContext(ctx context.Context) RuleWithOperationsPatchArrayOutput

type RuleWithOperationsPatchInput

type RuleWithOperationsPatchInput interface {
	pulumi.Input

	ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput
	ToRuleWithOperationsPatchOutputWithContext(context.Context) RuleWithOperationsPatchOutput
}

RuleWithOperationsPatchInput is an input type that accepts RuleWithOperationsPatchArgs and RuleWithOperationsPatchOutput values. You can construct a concrete instance of `RuleWithOperationsPatchInput` via:

RuleWithOperationsPatchArgs{...}

type RuleWithOperationsPatchOutput

type RuleWithOperationsPatchOutput struct{ *pulumi.OutputState }

RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.

func (RuleWithOperationsPatchOutput) ApiGroups

APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ApiVersions

APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) ElementType

func (RuleWithOperationsPatchOutput) Operations

Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.

func (RuleWithOperationsPatchOutput) Resources

Resources is a list of resources this rule applies to.

For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.

If wildcard is present, the validation rule will ensure resources do not overlap with each other.

Depending on the enclosing object, subresources might not be allowed. Required.

func (RuleWithOperationsPatchOutput) Scope

scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*".

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutput() RuleWithOperationsPatchOutput

func (RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext

func (o RuleWithOperationsPatchOutput) ToRuleWithOperationsPatchOutputWithContext(ctx context.Context) RuleWithOperationsPatchOutput

type ServiceReference

type ServiceReference struct {
	// `name` is the name of the service. Required
	Name string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferenceArgs

type ServiceReferenceArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceArgs) ElementType

func (ServiceReferenceArgs) ElementType() reflect.Type

func (ServiceReferenceArgs) ToServiceReferenceOutput

func (i ServiceReferenceArgs) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferenceOutputWithContext

func (i ServiceReferenceArgs) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutput

func (i ServiceReferenceArgs) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext

func (i ServiceReferenceArgs) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferenceInput

type ServiceReferenceInput interface {
	pulumi.Input

	ToServiceReferenceOutput() ServiceReferenceOutput
	ToServiceReferenceOutputWithContext(context.Context) ServiceReferenceOutput
}

ServiceReferenceInput is an input type that accepts ServiceReferenceArgs and ServiceReferenceOutput values. You can construct a concrete instance of `ServiceReferenceInput` via:

ServiceReferenceArgs{...}

type ServiceReferenceOutput

type ServiceReferenceOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferenceOutput) ElementType

func (ServiceReferenceOutput) ElementType() reflect.Type

func (ServiceReferenceOutput) Name

`name` is the name of the service. Required

func (ServiceReferenceOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferenceOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferenceOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferenceOutput) ToServiceReferenceOutput

func (o ServiceReferenceOutput) ToServiceReferenceOutput() ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferenceOutputWithContext

func (o ServiceReferenceOutput) ToServiceReferenceOutputWithContext(ctx context.Context) ServiceReferenceOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutput

func (o ServiceReferenceOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext

func (o ServiceReferenceOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ServiceReferencePatch

type ServiceReferencePatch struct {
	// `name` is the name of the service. Required
	Name *string `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace *string `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path *string `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port *int `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

type ServiceReferencePatchArgs

type ServiceReferencePatchArgs struct {
	// `name` is the name of the service. Required
	Name pulumi.StringPtrInput `pulumi:"name"`
	// `namespace` is the namespace of the service. Required
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// `path` is an optional URL path which will be sent in any request to this service.
	Path pulumi.StringPtrInput `pulumi:"path"`
	// If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).
	Port pulumi.IntPtrInput `pulumi:"port"`
}

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchArgs) ElementType

func (ServiceReferencePatchArgs) ElementType() reflect.Type

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutput

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext

func (i ServiceReferencePatchArgs) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext

func (i ServiceReferencePatchArgs) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchInput

type ServiceReferencePatchInput interface {
	pulumi.Input

	ToServiceReferencePatchOutput() ServiceReferencePatchOutput
	ToServiceReferencePatchOutputWithContext(context.Context) ServiceReferencePatchOutput
}

ServiceReferencePatchInput is an input type that accepts ServiceReferencePatchArgs and ServiceReferencePatchOutput values. You can construct a concrete instance of `ServiceReferencePatchInput` via:

ServiceReferencePatchArgs{...}

type ServiceReferencePatchOutput

type ServiceReferencePatchOutput struct{ *pulumi.OutputState }

ServiceReference holds a reference to Service.legacy.k8s.io

func (ServiceReferencePatchOutput) ElementType

func (ServiceReferencePatchOutput) Name

`name` is the name of the service. Required

func (ServiceReferencePatchOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutput

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutput() ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext

func (o ServiceReferencePatchOutput) ToServiceReferencePatchOutputWithContext(ctx context.Context) ServiceReferencePatchOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext

func (o ServiceReferencePatchOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePatchPtrInput

type ServiceReferencePatchPtrInput interface {
	pulumi.Input

	ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput
	ToServiceReferencePatchPtrOutputWithContext(context.Context) ServiceReferencePatchPtrOutput
}

ServiceReferencePatchPtrInput is an input type that accepts ServiceReferencePatchArgs, ServiceReferencePatchPtr and ServiceReferencePatchPtrOutput values. You can construct a concrete instance of `ServiceReferencePatchPtrInput` via:

        ServiceReferencePatchArgs{...}

or:

        nil

type ServiceReferencePatchPtrOutput

type ServiceReferencePatchPtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePatchPtrOutput) Elem

func (ServiceReferencePatchPtrOutput) ElementType

func (ServiceReferencePatchPtrOutput) Name

`name` is the name of the service. Required

func (ServiceReferencePatchPtrOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferencePatchPtrOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePatchPtrOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutput() ServiceReferencePatchPtrOutput

func (ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext

func (o ServiceReferencePatchPtrOutput) ToServiceReferencePatchPtrOutputWithContext(ctx context.Context) ServiceReferencePatchPtrOutput

type ServiceReferencePtrInput

type ServiceReferencePtrInput interface {
	pulumi.Input

	ToServiceReferencePtrOutput() ServiceReferencePtrOutput
	ToServiceReferencePtrOutputWithContext(context.Context) ServiceReferencePtrOutput
}

ServiceReferencePtrInput is an input type that accepts ServiceReferenceArgs, ServiceReferencePtr and ServiceReferencePtrOutput values. You can construct a concrete instance of `ServiceReferencePtrInput` via:

        ServiceReferenceArgs{...}

or:

        nil

type ServiceReferencePtrOutput

type ServiceReferencePtrOutput struct{ *pulumi.OutputState }

func (ServiceReferencePtrOutput) Elem

func (ServiceReferencePtrOutput) ElementType

func (ServiceReferencePtrOutput) ElementType() reflect.Type

func (ServiceReferencePtrOutput) Name

`name` is the name of the service. Required

func (ServiceReferencePtrOutput) Namespace

`namespace` is the namespace of the service. Required

func (ServiceReferencePtrOutput) Path

`path` is an optional URL path which will be sent in any request to this service.

func (ServiceReferencePtrOutput) Port

If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutput

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutput() ServiceReferencePtrOutput

func (ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext

func (o ServiceReferencePtrOutput) ToServiceReferencePtrOutputWithContext(ctx context.Context) ServiceReferencePtrOutput

type ValidatingWebhook

type ValidatingWebhook struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfig `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchCondition `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelector `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelector `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperations `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookArgs

type ValidatingWebhookArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookArgs) ElementType

func (ValidatingWebhookArgs) ElementType() reflect.Type

func (ValidatingWebhookArgs) ToValidatingWebhookOutput

func (i ValidatingWebhookArgs) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext

func (i ValidatingWebhookArgs) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookArray

type ValidatingWebhookArray []ValidatingWebhookInput

func (ValidatingWebhookArray) ElementType

func (ValidatingWebhookArray) ElementType() reflect.Type

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutput

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext

func (i ValidatingWebhookArray) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookArrayInput

type ValidatingWebhookArrayInput interface {
	pulumi.Input

	ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput
	ToValidatingWebhookArrayOutputWithContext(context.Context) ValidatingWebhookArrayOutput
}

ValidatingWebhookArrayInput is an input type that accepts ValidatingWebhookArray and ValidatingWebhookArrayOutput values. You can construct a concrete instance of `ValidatingWebhookArrayInput` via:

ValidatingWebhookArray{ ValidatingWebhookArgs{...} }

type ValidatingWebhookArrayOutput

type ValidatingWebhookArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookArrayOutput) ElementType

func (ValidatingWebhookArrayOutput) Index

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutput() ValidatingWebhookArrayOutput

func (ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext

func (o ValidatingWebhookArrayOutput) ToValidatingWebhookArrayOutputWithContext(ctx context.Context) ValidatingWebhookArrayOutput

type ValidatingWebhookConfiguration

type ValidatingWebhookConfiguration struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayOutput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfiguration

func GetValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

GetValidatingWebhookConfiguration gets an existing ValidatingWebhookConfiguration resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfiguration

func NewValidatingWebhookConfiguration(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfiguration, error)

NewValidatingWebhookConfiguration registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfiguration) ElementType

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (*ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext

func (i *ValidatingWebhookConfiguration) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

type ValidatingWebhookConfigurationArgs

type ValidatingWebhookConfigurationArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfiguration resource.

func (ValidatingWebhookConfigurationArgs) ElementType

type ValidatingWebhookConfigurationArray

type ValidatingWebhookConfigurationArray []ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationArray) ElementType

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext

func (i ValidatingWebhookConfigurationArray) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationArrayInput

type ValidatingWebhookConfigurationArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput
	ToValidatingWebhookConfigurationArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationArrayOutput
}

ValidatingWebhookConfigurationArrayInput is an input type that accepts ValidatingWebhookConfigurationArray and ValidatingWebhookConfigurationArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationArrayInput` via:

ValidatingWebhookConfigurationArray{ ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationArrayOutput) ElementType

func (ValidatingWebhookConfigurationArrayOutput) Index

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutput() ValidatingWebhookConfigurationArrayOutput

func (ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext

func (o ValidatingWebhookConfigurationArrayOutput) ToValidatingWebhookConfigurationArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationArrayOutput

type ValidatingWebhookConfigurationInput

type ValidatingWebhookConfigurationInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput
	ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput
}

type ValidatingWebhookConfigurationList

type ValidatingWebhookConfigurationList struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringOutput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayOutput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringOutput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaOutput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func GetValidatingWebhookConfigurationList

func GetValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationListState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

GetValidatingWebhookConfigurationList gets an existing ValidatingWebhookConfigurationList resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationList

func NewValidatingWebhookConfigurationList(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationListArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationList, error)

NewValidatingWebhookConfigurationList registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationList) ElementType

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (*ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext

func (i *ValidatingWebhookConfigurationList) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListArgs

type ValidatingWebhookConfigurationListArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationList resource.

func (ValidatingWebhookConfigurationListArgs) ElementType

type ValidatingWebhookConfigurationListArray

type ValidatingWebhookConfigurationListArray []ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListArray) ElementType

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext

func (i ValidatingWebhookConfigurationListArray) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListArrayInput

type ValidatingWebhookConfigurationListArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput
	ToValidatingWebhookConfigurationListArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationListArrayOutput
}

ValidatingWebhookConfigurationListArrayInput is an input type that accepts ValidatingWebhookConfigurationListArray and ValidatingWebhookConfigurationListArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListArrayInput` via:

ValidatingWebhookConfigurationListArray{ ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListArrayOutput) ElementType

func (ValidatingWebhookConfigurationListArrayOutput) Index

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutput() ValidatingWebhookConfigurationListArrayOutput

func (ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext

func (o ValidatingWebhookConfigurationListArrayOutput) ToValidatingWebhookConfigurationListArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListArrayOutput

type ValidatingWebhookConfigurationListInput

type ValidatingWebhookConfigurationListInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput
	ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput
}

type ValidatingWebhookConfigurationListMap

type ValidatingWebhookConfigurationListMap map[string]ValidatingWebhookConfigurationListInput

func (ValidatingWebhookConfigurationListMap) ElementType

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext

func (i ValidatingWebhookConfigurationListMap) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListMapInput

type ValidatingWebhookConfigurationListMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput
	ToValidatingWebhookConfigurationListMapOutputWithContext(context.Context) ValidatingWebhookConfigurationListMapOutput
}

ValidatingWebhookConfigurationListMapInput is an input type that accepts ValidatingWebhookConfigurationListMap and ValidatingWebhookConfigurationListMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListMapInput` via:

ValidatingWebhookConfigurationListMap{ "key": ValidatingWebhookConfigurationListArgs{...} }

type ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListMapOutput) ElementType

func (ValidatingWebhookConfigurationListMapOutput) MapIndex

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutput() ValidatingWebhookConfigurationListMapOutput

func (ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext

func (o ValidatingWebhookConfigurationListMapOutput) ToValidatingWebhookConfigurationListMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListMapOutput

type ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationListOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListOutput) ElementType

func (ValidatingWebhookConfigurationListOutput) Items

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) Metadata

Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutput() ValidatingWebhookConfigurationListOutput

func (ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext

func (o ValidatingWebhookConfigurationListOutput) ToValidatingWebhookConfigurationListOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListOutput

type ValidatingWebhookConfigurationListState

type ValidatingWebhookConfigurationListState struct {
}

func (ValidatingWebhookConfigurationListState) ElementType

type ValidatingWebhookConfigurationListType

type ValidatingWebhookConfigurationListType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items []ValidatingWebhookConfigurationType `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata *metav1.ListMeta `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

type ValidatingWebhookConfigurationListTypeArgs

type ValidatingWebhookConfigurationListTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// List of ValidatingWebhookConfiguration.
	Items ValidatingWebhookConfigurationTypeArrayInput `pulumi:"items"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Metadata metav1.ListMetaPtrInput `pulumi:"metadata"`
}

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeArgs) ElementType

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext

func (i ValidatingWebhookConfigurationListTypeArgs) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationListTypeInput

type ValidatingWebhookConfigurationListTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput
	ToValidatingWebhookConfigurationListTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationListTypeOutput
}

ValidatingWebhookConfigurationListTypeInput is an input type that accepts ValidatingWebhookConfigurationListTypeArgs and ValidatingWebhookConfigurationListTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationListTypeInput` via:

ValidatingWebhookConfigurationListTypeArgs{...}

type ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationListTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationListTypeOutput) ElementType

func (ValidatingWebhookConfigurationListTypeOutput) Items

List of ValidatingWebhookConfiguration.

func (ValidatingWebhookConfigurationListTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutput() ValidatingWebhookConfigurationListTypeOutput

func (ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext

func (o ValidatingWebhookConfigurationListTypeOutput) ToValidatingWebhookConfigurationListTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationListTypeOutput

type ValidatingWebhookConfigurationMap

type ValidatingWebhookConfigurationMap map[string]ValidatingWebhookConfigurationInput

func (ValidatingWebhookConfigurationMap) ElementType

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext

func (i ValidatingWebhookConfigurationMap) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationMapInput

type ValidatingWebhookConfigurationMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput
	ToValidatingWebhookConfigurationMapOutputWithContext(context.Context) ValidatingWebhookConfigurationMapOutput
}

ValidatingWebhookConfigurationMapInput is an input type that accepts ValidatingWebhookConfigurationMap and ValidatingWebhookConfigurationMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationMapInput` via:

ValidatingWebhookConfigurationMap{ "key": ValidatingWebhookConfigurationArgs{...} }

type ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationMapOutput) ElementType

func (ValidatingWebhookConfigurationMapOutput) MapIndex

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutput() ValidatingWebhookConfigurationMapOutput

func (ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext

func (o ValidatingWebhookConfigurationMapOutput) ToValidatingWebhookConfigurationMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationMapOutput

type ValidatingWebhookConfigurationOutput

type ValidatingWebhookConfigurationOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationOutput) ElementType

func (ValidatingWebhookConfigurationOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutput() ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext

func (o ValidatingWebhookConfigurationOutput) ToValidatingWebhookConfigurationOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationOutput

func (ValidatingWebhookConfigurationOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatch

type ValidatingWebhookConfigurationPatch struct {
	pulumi.CustomResourceState

	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrOutput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrOutput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrOutput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayOutput `pulumi:"webhooks"`
}

Patch resources are used to modify existing Kubernetes resources by using Server-Side Apply updates. The name of the resource must be specified, but all other properties are optional. More than one patch may be applied to the same resource, and a random FieldManager name will be used for each Patch resource. Conflicts will result in an error by default, but can be forced using the "pulumi.com/patchForce" annotation. See the [Server-Side Apply Docs](https://www.pulumi.com/registry/packages/kubernetes/how-to-guides/managing-resources-with-server-side-apply/) for additional information about using Server-Side Apply to manage Kubernetes resources with Pulumi. ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func GetValidatingWebhookConfigurationPatch

func GetValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ValidatingWebhookConfigurationPatchState, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

GetValidatingWebhookConfigurationPatch gets an existing ValidatingWebhookConfigurationPatch resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewValidatingWebhookConfigurationPatch

func NewValidatingWebhookConfigurationPatch(ctx *pulumi.Context,
	name string, args *ValidatingWebhookConfigurationPatchArgs, opts ...pulumi.ResourceOption) (*ValidatingWebhookConfigurationPatch, error)

NewValidatingWebhookConfigurationPatch registers a new resource with the given unique name, arguments, and options.

func (*ValidatingWebhookConfigurationPatch) ElementType

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (*ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext

func (i *ValidatingWebhookConfigurationPatch) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

type ValidatingWebhookConfigurationPatchArgs

type ValidatingWebhookConfigurationPatchArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput
}

The set of arguments for constructing a ValidatingWebhookConfigurationPatch resource.

func (ValidatingWebhookConfigurationPatchArgs) ElementType

type ValidatingWebhookConfigurationPatchArray

type ValidatingWebhookConfigurationPatchArray []ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchArray) ElementType

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext

func (i ValidatingWebhookConfigurationPatchArray) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchArrayInput

type ValidatingWebhookConfigurationPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput
	ToValidatingWebhookConfigurationPatchArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchArrayOutput
}

ValidatingWebhookConfigurationPatchArrayInput is an input type that accepts ValidatingWebhookConfigurationPatchArray and ValidatingWebhookConfigurationPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchArrayInput` via:

ValidatingWebhookConfigurationPatchArray{ ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchArrayOutput) ElementType

func (ValidatingWebhookConfigurationPatchArrayOutput) Index

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutput() ValidatingWebhookConfigurationPatchArrayOutput

func (ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext

func (o ValidatingWebhookConfigurationPatchArrayOutput) ToValidatingWebhookConfigurationPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchArrayOutput

type ValidatingWebhookConfigurationPatchInput

type ValidatingWebhookConfigurationPatchInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput
	ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput
}

type ValidatingWebhookConfigurationPatchMap

type ValidatingWebhookConfigurationPatchMap map[string]ValidatingWebhookConfigurationPatchInput

func (ValidatingWebhookConfigurationPatchMap) ElementType

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext

func (i ValidatingWebhookConfigurationPatchMap) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchMapInput

type ValidatingWebhookConfigurationPatchMapInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput
	ToValidatingWebhookConfigurationPatchMapOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchMapOutput
}

ValidatingWebhookConfigurationPatchMapInput is an input type that accepts ValidatingWebhookConfigurationPatchMap and ValidatingWebhookConfigurationPatchMapOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchMapInput` via:

ValidatingWebhookConfigurationPatchMap{ "key": ValidatingWebhookConfigurationPatchArgs{...} }

type ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchMapOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchMapOutput) ElementType

func (ValidatingWebhookConfigurationPatchMapOutput) MapIndex

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutput() ValidatingWebhookConfigurationPatchMapOutput

func (ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext

func (o ValidatingWebhookConfigurationPatchMapOutput) ToValidatingWebhookConfigurationPatchMapOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchMapOutput

type ValidatingWebhookConfigurationPatchOutput

type ValidatingWebhookConfigurationPatchOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationPatchOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchOutput) ElementType

func (ValidatingWebhookConfigurationPatchOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutput() ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext

func (o ValidatingWebhookConfigurationPatchOutput) ToValidatingWebhookConfigurationPatchOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchOutput

func (ValidatingWebhookConfigurationPatchOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationPatchState

type ValidatingWebhookConfigurationPatchState struct {
}

func (ValidatingWebhookConfigurationPatchState) ElementType

type ValidatingWebhookConfigurationPatchType

type ValidatingWebhookConfigurationPatchType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMetaPatch `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhookPatch `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationPatchTypeArgs

type ValidatingWebhookConfigurationPatchTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPatchPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookPatchArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeArgs) ElementType

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext

func (i ValidatingWebhookConfigurationPatchTypeArgs) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

type ValidatingWebhookConfigurationPatchTypeInput

type ValidatingWebhookConfigurationPatchTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput
	ToValidatingWebhookConfigurationPatchTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationPatchTypeOutput
}

ValidatingWebhookConfigurationPatchTypeInput is an input type that accepts ValidatingWebhookConfigurationPatchTypeArgs and ValidatingWebhookConfigurationPatchTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationPatchTypeInput` via:

ValidatingWebhookConfigurationPatchTypeArgs{...}

type ValidatingWebhookConfigurationPatchTypeOutput

type ValidatingWebhookConfigurationPatchTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationPatchTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationPatchTypeOutput) ElementType

func (ValidatingWebhookConfigurationPatchTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationPatchTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutput() ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext

func (o ValidatingWebhookConfigurationPatchTypeOutput) ToValidatingWebhookConfigurationPatchTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationPatchTypeOutput

func (ValidatingWebhookConfigurationPatchTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookConfigurationState

type ValidatingWebhookConfigurationState struct {
}

func (ValidatingWebhookConfigurationState) ElementType

type ValidatingWebhookConfigurationType

type ValidatingWebhookConfigurationType struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion *string `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind *string `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata *metav1.ObjectMeta `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks []ValidatingWebhook `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

type ValidatingWebhookConfigurationTypeArgs

type ValidatingWebhookConfigurationTypeArgs struct {
	// APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
	ApiVersion pulumi.StringPtrInput `pulumi:"apiVersion"`
	// Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
	Kind pulumi.StringPtrInput `pulumi:"kind"`
	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
	Metadata metav1.ObjectMetaPtrInput `pulumi:"metadata"`
	// Webhooks is a list of webhooks and the affected resources and operations.
	Webhooks ValidatingWebhookArrayInput `pulumi:"webhooks"`
}

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeArgs) ElementType

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext

func (i ValidatingWebhookConfigurationTypeArgs) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

type ValidatingWebhookConfigurationTypeArray

type ValidatingWebhookConfigurationTypeArray []ValidatingWebhookConfigurationTypeInput

func (ValidatingWebhookConfigurationTypeArray) ElementType

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext

func (i ValidatingWebhookConfigurationTypeArray) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeArrayInput

type ValidatingWebhookConfigurationTypeArrayInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput
	ToValidatingWebhookConfigurationTypeArrayOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeArrayOutput
}

ValidatingWebhookConfigurationTypeArrayInput is an input type that accepts ValidatingWebhookConfigurationTypeArray and ValidatingWebhookConfigurationTypeArrayOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeArrayInput` via:

ValidatingWebhookConfigurationTypeArray{ ValidatingWebhookConfigurationTypeArgs{...} }

type ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookConfigurationTypeArrayOutput) ElementType

func (ValidatingWebhookConfigurationTypeArrayOutput) Index

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutput() ValidatingWebhookConfigurationTypeArrayOutput

func (ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext

func (o ValidatingWebhookConfigurationTypeArrayOutput) ToValidatingWebhookConfigurationTypeArrayOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeArrayOutput

type ValidatingWebhookConfigurationTypeInput

type ValidatingWebhookConfigurationTypeInput interface {
	pulumi.Input

	ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput
	ToValidatingWebhookConfigurationTypeOutputWithContext(context.Context) ValidatingWebhookConfigurationTypeOutput
}

ValidatingWebhookConfigurationTypeInput is an input type that accepts ValidatingWebhookConfigurationTypeArgs and ValidatingWebhookConfigurationTypeOutput values. You can construct a concrete instance of `ValidatingWebhookConfigurationTypeInput` via:

ValidatingWebhookConfigurationTypeArgs{...}

type ValidatingWebhookConfigurationTypeOutput

type ValidatingWebhookConfigurationTypeOutput struct{ *pulumi.OutputState }

ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.

func (ValidatingWebhookConfigurationTypeOutput) ApiVersion

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

func (ValidatingWebhookConfigurationTypeOutput) ElementType

func (ValidatingWebhookConfigurationTypeOutput) Kind

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

func (ValidatingWebhookConfigurationTypeOutput) Metadata

Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutput() ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext

func (o ValidatingWebhookConfigurationTypeOutput) ToValidatingWebhookConfigurationTypeOutputWithContext(ctx context.Context) ValidatingWebhookConfigurationTypeOutput

func (ValidatingWebhookConfigurationTypeOutput) Webhooks

Webhooks is a list of webhooks and the affected resources and operations.

type ValidatingWebhookInput

type ValidatingWebhookInput interface {
	pulumi.Input

	ToValidatingWebhookOutput() ValidatingWebhookOutput
	ToValidatingWebhookOutputWithContext(context.Context) ValidatingWebhookOutput
}

ValidatingWebhookInput is an input type that accepts ValidatingWebhookArgs and ValidatingWebhookOutput values. You can construct a concrete instance of `ValidatingWebhookInput` via:

ValidatingWebhookArgs{...}

type ValidatingWebhookOutput

type ValidatingWebhookOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookOutput) AdmissionReviewVersions

func (o ValidatingWebhookOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookOutput) ElementType

func (ValidatingWebhookOutput) ElementType() reflect.Type

func (ValidatingWebhookOutput) FailurePolicy

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (ValidatingWebhookOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookOutput) NamespaceSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookOutput) SideEffects

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookOutput) TimeoutSeconds

func (o ValidatingWebhookOutput) TimeoutSeconds() pulumi.IntPtrOutput

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookOutput) ToValidatingWebhookOutput

func (o ValidatingWebhookOutput) ToValidatingWebhookOutput() ValidatingWebhookOutput

func (ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext

func (o ValidatingWebhookOutput) ToValidatingWebhookOutputWithContext(ctx context.Context) ValidatingWebhookOutput

type ValidatingWebhookPatch

type ValidatingWebhookPatch struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions []string `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig *WebhookClientConfigPatch `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy *string `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions []MatchConditionPatch `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy *string `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name *string `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector *metav1.LabelSelectorPatch `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector *metav1.LabelSelectorPatch `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules []RuleWithOperationsPatch `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects *string `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds *int `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

type ValidatingWebhookPatchArgs

type ValidatingWebhookPatchArgs struct {
	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.
	AdmissionReviewVersions pulumi.StringArrayInput `pulumi:"admissionReviewVersions"`
	// ClientConfig defines how to communicate with the hook. Required
	ClientConfig WebhookClientConfigPatchPtrInput `pulumi:"clientConfig"`
	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.
	FailurePolicy pulumi.StringPtrInput `pulumi:"failurePolicy"`
	// MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.
	//
	// The exact matching logic is (in order):
	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
	//   3. If any matchCondition evaluates to an error (but none are FALSE):
	//      - If failurePolicy=Fail, reject the request
	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
	//
	// This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.
	MatchConditions MatchConditionPatchArrayInput `pulumi:"matchConditions"`
	// matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".
	//
	// - Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
	//
	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
	//
	// Defaults to "Equivalent"
	MatchPolicy pulumi.StringPtrInput `pulumi:"matchPolicy"`
	// The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.
	Name pulumi.StringPtrInput `pulumi:"name"`
	// NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.
	//
	// For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "runlevel",
	//       "operator": "NotIn",
	//       "values": [
	//         "0",
	//         "1"
	//       ]
	//     }
	//   ]
	// }
	//
	// If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
	//   "matchExpressions": [
	//     {
	//       "key": "environment",
	//       "operator": "In",
	//       "values": [
	//         "prod",
	//         "staging"
	//       ]
	//     }
	//   ]
	// }
	//
	// See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
	//
	// Default to the empty LabelSelector, which matches everything.
	NamespaceSelector metav1.LabelSelectorPatchPtrInput `pulumi:"namespaceSelector"`
	// ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.
	ObjectSelector metav1.LabelSelectorPatchPtrInput `pulumi:"objectSelector"`
	// Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
	Rules RuleWithOperationsPatchArrayInput `pulumi:"rules"`
	// SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.
	SideEffects pulumi.StringPtrInput `pulumi:"sideEffects"`
	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.
	TimeoutSeconds pulumi.IntPtrInput `pulumi:"timeoutSeconds"`
}

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchArgs) ElementType

func (ValidatingWebhookPatchArgs) ElementType() reflect.Type

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext

func (i ValidatingWebhookPatchArgs) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type ValidatingWebhookPatchArray

type ValidatingWebhookPatchArray []ValidatingWebhookPatchInput

func (ValidatingWebhookPatchArray) ElementType

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext

func (i ValidatingWebhookPatchArray) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchArrayInput

type ValidatingWebhookPatchArrayInput interface {
	pulumi.Input

	ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput
	ToValidatingWebhookPatchArrayOutputWithContext(context.Context) ValidatingWebhookPatchArrayOutput
}

ValidatingWebhookPatchArrayInput is an input type that accepts ValidatingWebhookPatchArray and ValidatingWebhookPatchArrayOutput values. You can construct a concrete instance of `ValidatingWebhookPatchArrayInput` via:

ValidatingWebhookPatchArray{ ValidatingWebhookPatchArgs{...} }

type ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchArrayOutput struct{ *pulumi.OutputState }

func (ValidatingWebhookPatchArrayOutput) ElementType

func (ValidatingWebhookPatchArrayOutput) Index

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutput() ValidatingWebhookPatchArrayOutput

func (ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext

func (o ValidatingWebhookPatchArrayOutput) ToValidatingWebhookPatchArrayOutputWithContext(ctx context.Context) ValidatingWebhookPatchArrayOutput

type ValidatingWebhookPatchInput

type ValidatingWebhookPatchInput interface {
	pulumi.Input

	ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput
	ToValidatingWebhookPatchOutputWithContext(context.Context) ValidatingWebhookPatchOutput
}

ValidatingWebhookPatchInput is an input type that accepts ValidatingWebhookPatchArgs and ValidatingWebhookPatchOutput values. You can construct a concrete instance of `ValidatingWebhookPatchInput` via:

ValidatingWebhookPatchArgs{...}

type ValidatingWebhookPatchOutput

type ValidatingWebhookPatchOutput struct{ *pulumi.OutputState }

ValidatingWebhook describes an admission webhook and the resources and operations it applies to.

func (ValidatingWebhookPatchOutput) AdmissionReviewVersions

func (o ValidatingWebhookPatchOutput) AdmissionReviewVersions() pulumi.StringArrayOutput

AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.

func (ValidatingWebhookPatchOutput) ClientConfig

ClientConfig defines how to communicate with the hook. Required

func (ValidatingWebhookPatchOutput) ElementType

func (ValidatingWebhookPatchOutput) FailurePolicy

FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.

func (ValidatingWebhookPatchOutput) MatchConditions

MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.

The exact matching logic is (in order):

  1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
  2. If ALL matchConditions evaluate to TRUE, the webhook is called.
  3. If any matchCondition evaluates to an error (but none are FALSE): - If failurePolicy=Fail, reject the request - If failurePolicy=Ignore, the error is ignored and the webhook is skipped

This is an alpha feature and managed by the AdmissionWebhookMatchConditions feature gate.

func (ValidatingWebhookPatchOutput) MatchPolicy

matchPolicy defines how the "rules" list is used to match incoming requests. Allowed values are "Exact" or "Equivalent".

- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.

- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.

Defaults to "Equivalent"

func (ValidatingWebhookPatchOutput) Name

The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where "imagepolicy" is the name of the webhook, and kubernetes.io is the name of the organization. Required.

func (ValidatingWebhookPatchOutput) NamespaceSelector

NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.

For example, to run the webhook on any objects whose namespace is not associated with "runlevel" of "0" or "1";  you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "runlevel",
      "operator": "NotIn",
      "values": [
        "0",
        "1"
      ]
    }
  ]
}

If instead you want to only run the webhook on any objects whose namespace is associated with the "environment" of "prod" or "staging"; you will set the selector as follows: "namespaceSelector": {
  "matchExpressions": [
    {
      "key": "environment",
      "operator": "In",
      "values": [
        "prod",
        "staging"
      ]
    }
  ]
}

See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.

Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) ObjectSelector

ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.

func (ValidatingWebhookPatchOutput) Rules

Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.

func (ValidatingWebhookPatchOutput) SideEffects

SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.

func (ValidatingWebhookPatchOutput) TimeoutSeconds

TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutput() ValidatingWebhookPatchOutput

func (ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext

func (o ValidatingWebhookPatchOutput) ToValidatingWebhookPatchOutputWithContext(ctx context.Context) ValidatingWebhookPatchOutput

type WebhookClientConfig

type WebhookClientConfig struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReference `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigArgs

type WebhookClientConfigArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigArgs) ElementType

func (WebhookClientConfigArgs) ElementType() reflect.Type

func (WebhookClientConfigArgs) ToWebhookClientConfigOutput

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext

func (i WebhookClientConfigArgs) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

type WebhookClientConfigInput

type WebhookClientConfigInput interface {
	pulumi.Input

	ToWebhookClientConfigOutput() WebhookClientConfigOutput
	ToWebhookClientConfigOutputWithContext(context.Context) WebhookClientConfigOutput
}

WebhookClientConfigInput is an input type that accepts WebhookClientConfigArgs and WebhookClientConfigOutput values. You can construct a concrete instance of `WebhookClientConfigInput` via:

WebhookClientConfigArgs{...}

type WebhookClientConfigOutput

type WebhookClientConfigOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigOutput) CaBundle

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigOutput) ElementType

func (WebhookClientConfigOutput) ElementType() reflect.Type

func (WebhookClientConfigOutput) Service

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigOutput) ToWebhookClientConfigOutput

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutput() WebhookClientConfigOutput

func (WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext

func (o WebhookClientConfigOutput) ToWebhookClientConfigOutputWithContext(ctx context.Context) WebhookClientConfigOutput

func (WebhookClientConfigOutput) Url

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatch

type WebhookClientConfigPatch struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle *string `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service *ServiceReferencePatch `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url *string `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

type WebhookClientConfigPatchArgs

type WebhookClientConfigPatchArgs struct {
	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.
	CaBundle pulumi.StringPtrInput `pulumi:"caBundle"`
	// `service` is a reference to the service for this webhook. Either `service` or `url` must be specified.
	//
	// If the webhook is running within the cluster, then you should use `service`.
	Service ServiceReferencePatchPtrInput `pulumi:"service"`
	// `url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.
	//
	// The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.
	//
	// Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
	//
	// The scheme must be "https"; the URL must begin with "https://".
	//
	// A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
	//
	// Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.
	Url pulumi.StringPtrInput `pulumi:"url"`
}

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchArgs) ElementType

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext

func (i WebhookClientConfigPatchArgs) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

type WebhookClientConfigPatchInput

type WebhookClientConfigPatchInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput
	ToWebhookClientConfigPatchOutputWithContext(context.Context) WebhookClientConfigPatchOutput
}

WebhookClientConfigPatchInput is an input type that accepts WebhookClientConfigPatchArgs and WebhookClientConfigPatchOutput values. You can construct a concrete instance of `WebhookClientConfigPatchInput` via:

WebhookClientConfigPatchArgs{...}

type WebhookClientConfigPatchOutput

type WebhookClientConfigPatchOutput struct{ *pulumi.OutputState }

WebhookClientConfig contains the information to make a TLS connection with the webhook

func (WebhookClientConfigPatchOutput) CaBundle

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchOutput) ElementType

func (WebhookClientConfigPatchOutput) Service

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutput() WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchOutputWithContext(ctx context.Context) WebhookClientConfigPatchOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext

func (o WebhookClientConfigPatchOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchOutput) Url

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

type WebhookClientConfigPatchPtrInput

type WebhookClientConfigPatchPtrInput interface {
	pulumi.Input

	ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput
	ToWebhookClientConfigPatchPtrOutputWithContext(context.Context) WebhookClientConfigPatchPtrOutput
}

WebhookClientConfigPatchPtrInput is an input type that accepts WebhookClientConfigPatchArgs, WebhookClientConfigPatchPtr and WebhookClientConfigPatchPtrOutput values. You can construct a concrete instance of `WebhookClientConfigPatchPtrInput` via:

        WebhookClientConfigPatchArgs{...}

or:

        nil

type WebhookClientConfigPatchPtrOutput

type WebhookClientConfigPatchPtrOutput struct{ *pulumi.OutputState }

func (WebhookClientConfigPatchPtrOutput) CaBundle

`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.

func (WebhookClientConfigPatchPtrOutput) Elem

func (WebhookClientConfigPatchPtrOutput) ElementType

func (WebhookClientConfigPatchPtrOutput) Service

`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.

If the webhook is running within the cluster, then you should use `service`.

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutput() WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext

func (o WebhookClientConfigPatchPtrOutput) ToWebhookClientConfigPatchPtrOutputWithContext(ctx context.Context) WebhookClientConfigPatchPtrOutput

func (WebhookClientConfigPatchPtrOutput) Url

`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.

The `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.

Please note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.

The scheme must be "https"; the URL must begin with "https://".

A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.

Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fragments ("#...") and query parameters ("?...") are not allowed, either.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL