diff --git a/website/docs/customize-startup.md b/website/docs/customize-startup.md index 601f4d5f44a..abf2b93b459 100644 --- a/website/docs/customize-startup.md +++ b/website/docs/customize-startup.md @@ -57,6 +57,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/docs/mutation.md b/website/docs/mutation.md index 13de1c26e0e..88a45a3cfb5 100644 --- a/website/docs/mutation.md +++ b/website/docs/mutation.md @@ -252,6 +252,11 @@ must start with `:` or `@`. Also, if `assignPath` is set to a value which could be interpreted as a domain, such as `my.repo.lib/app`, then `assignDomain` must also be specified. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). + ## Examples ### Adding an annotation diff --git a/website/versioned_docs/version-v3.10.x/customize-startup.md b/website/versioned_docs/version-v3.10.x/customize-startup.md index 9fe4fad10b9..c6bdce6a479 100644 --- a/website/versioned_docs/version-v3.10.x/customize-startup.md +++ b/website/versioned_docs/version-v3.10.x/customize-startup.md @@ -53,6 +53,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.10.x/mutation.md b/website/versioned_docs/version-v3.10.x/mutation.md index 9012402c99a..19a2bb44f75 100644 --- a/website/versioned_docs/version-v3.10.x/mutation.md +++ b/website/versioned_docs/version-v3.10.x/mutation.md @@ -213,6 +213,10 @@ spec: - `spec.parameters.values.fromList` holds the list of values that will be added or removed. - `operation` can be `merge` to insert values into the list if missing, or `prune` to remove values from the list. `merge` is default. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). ## Examples diff --git a/website/versioned_docs/version-v3.11.x/customize-startup.md b/website/versioned_docs/version-v3.11.x/customize-startup.md index 9fe4fad10b9..c6bdce6a479 100644 --- a/website/versioned_docs/version-v3.11.x/customize-startup.md +++ b/website/versioned_docs/version-v3.11.x/customize-startup.md @@ -53,6 +53,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.11.x/mutation.md b/website/versioned_docs/version-v3.11.x/mutation.md index 9012402c99a..19a2bb44f75 100644 --- a/website/versioned_docs/version-v3.11.x/mutation.md +++ b/website/versioned_docs/version-v3.11.x/mutation.md @@ -213,6 +213,10 @@ spec: - `spec.parameters.values.fromList` holds the list of values that will be added or removed. - `operation` can be `merge` to insert values into the list if missing, or `prune` to remove values from the list. `merge` is default. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). ## Examples diff --git a/website/versioned_docs/version-v3.12.x/customize-startup.md b/website/versioned_docs/version-v3.12.x/customize-startup.md index 601f4d5f44a..abf2b93b459 100644 --- a/website/versioned_docs/version-v3.12.x/customize-startup.md +++ b/website/versioned_docs/version-v3.12.x/customize-startup.md @@ -57,6 +57,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.12.x/mutation.md b/website/versioned_docs/version-v3.12.x/mutation.md index 13de1c26e0e..88a45a3cfb5 100644 --- a/website/versioned_docs/version-v3.12.x/mutation.md +++ b/website/versioned_docs/version-v3.12.x/mutation.md @@ -252,6 +252,11 @@ must start with `:` or `@`. Also, if `assignPath` is set to a value which could be interpreted as a domain, such as `my.repo.lib/app`, then `assignDomain` must also be specified. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). + ## Examples ### Adding an annotation diff --git a/website/versioned_docs/version-v3.13.x/customize-startup.md b/website/versioned_docs/version-v3.13.x/customize-startup.md index 601f4d5f44a..abf2b93b459 100644 --- a/website/versioned_docs/version-v3.13.x/customize-startup.md +++ b/website/versioned_docs/version-v3.13.x/customize-startup.md @@ -57,6 +57,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.13.x/mutation.md b/website/versioned_docs/version-v3.13.x/mutation.md index 13de1c26e0e..88a45a3cfb5 100644 --- a/website/versioned_docs/version-v3.13.x/mutation.md +++ b/website/versioned_docs/version-v3.13.x/mutation.md @@ -252,6 +252,11 @@ must start with `:` or `@`. Also, if `assignPath` is set to a value which could be interpreted as a domain, such as `my.repo.lib/app`, then `assignDomain` must also be specified. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). + ## Examples ### Adding an annotation diff --git a/website/versioned_docs/version-v3.7.x/customize-startup.md b/website/versioned_docs/version-v3.7.x/customize-startup.md index 203009c687b..fabe886050e 100644 --- a/website/versioned_docs/version-v3.7.x/customize-startup.md +++ b/website/versioned_docs/version-v3.7.x/customize-startup.md @@ -52,3 +52,5 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | + +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details diff --git a/website/versioned_docs/version-v3.7.x/mutation.md b/website/versioned_docs/version-v3.7.x/mutation.md index ae8af54ec35..85c49aae037 100644 --- a/website/versioned_docs/version-v3.7.x/mutation.md +++ b/website/versioned_docs/version-v3.7.x/mutation.md @@ -211,6 +211,10 @@ spec: - `spec.parameters.values.fromList` holds the list of values that will be added or removed. - `operation` can be `merge` to insert values into the list if missing, or `prune` to remove values from the list. `merge` is default. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). ## Examples diff --git a/website/versioned_docs/version-v3.8.x/customize-startup.md b/website/versioned_docs/version-v3.8.x/customize-startup.md index 9fe4fad10b9..c6bdce6a479 100644 --- a/website/versioned_docs/version-v3.8.x/customize-startup.md +++ b/website/versioned_docs/version-v3.8.x/customize-startup.md @@ -53,6 +53,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.8.x/mutation.md b/website/versioned_docs/version-v3.8.x/mutation.md index 12ba809da24..5fe5b4edbf9 100644 --- a/website/versioned_docs/version-v3.8.x/mutation.md +++ b/website/versioned_docs/version-v3.8.x/mutation.md @@ -211,6 +211,10 @@ spec: - `spec.parameters.values.fromList` holds the list of values that will be added or removed. - `operation` can be `merge` to insert values into the list if missing, or `prune` to remove values from the list. `merge` is default. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). ## Examples diff --git a/website/versioned_docs/version-v3.9.x/customize-startup.md b/website/versioned_docs/version-v3.9.x/customize-startup.md index 9fe4fad10b9..c6bdce6a479 100644 --- a/website/versioned_docs/version-v3.9.x/customize-startup.md +++ b/website/versioned_docs/version-v3.9.x/customize-startup.md @@ -53,6 +53,8 @@ The `--mutation-annotations` flag adds the following two annotations to mutated | `gatekeeper.sh/mutation-id` | The UUID of the mutation. | | `gatekeeper.sh/mutations` | A list of comma-separated mutations in the format of `//:` that are applied to the object. | +> ❗ Note that this will break the idempotence requirement that Kubernetes sets for mutation webhooks. See the [Kubernetes docs here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#idempotence) for more details + ## Other Configuration Options For the complete list of configuration flags for your specific version of Gatekeeper, run the Gatekeeper binary with the `--help` flag. For example: diff --git a/website/versioned_docs/version-v3.9.x/mutation.md b/website/versioned_docs/version-v3.9.x/mutation.md index 12ba809da24..5fe5b4edbf9 100644 --- a/website/versioned_docs/version-v3.9.x/mutation.md +++ b/website/versioned_docs/version-v3.9.x/mutation.md @@ -211,6 +211,10 @@ spec: - `spec.parameters.values.fromList` holds the list of values that will be added or removed. - `operation` can be `merge` to insert values into the list if missing, or `prune` to remove values from the list. `merge` is default. +### Mutation Annotations + +You can have two recording annotations applied at mutation time by enabling the `--mutation-annotations` flag. More details can be found on the +[customize startup docs page](./customize-startup.md). ## Examples