From 32aec04fa9d1173445af8256109c0a63edd9d100 Mon Sep 17 00:00:00 2001
From: peefy
Date: Wed, 4 Sep 2024 17:09:15 +0800
Subject: [PATCH] feat: add mutate webhook config create
Signed-off-by: peefy
---
 cmd/webhook-init/main.go | 2 ++
 config/all.yaml | 12 ++++++++++++
 config/rbac/role.yaml | 12 ++++++++++++
 pkg/webhook/handler/mutation.go | 1 +
 4 files changed, 27 insertions(+)
diff --git a/cmd/webhook-init/main.go b/cmd/webhook-init/main.go
index 10c8dfa..653d530 100644
--- a/cmd/webhook-init/main.go
+++ b/cmd/webhook-init/main.go
@@ -147,6 +147,8 @@ func WriteFile(filepath string, sCert *bytes.Buffer) error {
 return nil
 }
+//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
+
 func createMutationConfig(caCert *bytes.Buffer) {
 var (
 webhookNamespace, _ = os.LookupEnv("WEBHOOK_NAMESPACE")
diff --git a/config/all.yaml b/config/all.yaml
index 60eafa7..33ba664 100644
--- a/config/all.yaml
+++ b/config/all.yaml
@@ -71,6 +71,18 @@ kind: ClusterRole
 metadata:
 name: webhook-role
 rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - krm.kcl.dev
 resources:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 10df539..5ec84b7 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -4,6 +4,18 @@ kind: ClusterRole
 metadata:
 name: webhook-role
 rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
 - apiGroups:
 - krm.kcl.dev
 resources:
diff --git a/pkg/webhook/handler/mutation.go b/pkg/webhook/handler/mutation.go
index 3b75940..0b3aefe 100644
--- a/pkg/webhook/handler/mutation.go
+++ b/pkg/webhook/handler/mutation.go
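Review bot: The marker added above `createMutationConfig` in cmd/webhook-init/main.go requests every verb on `mutatingwebhookconfigurations` cluster-wide, and the matching rule in the `webhook-role` ClusterRole (config/all.yaml and config/rbac/role.yaml) carries the same full set. Write access to this resource lets whoever holds the bound service account change which endpoint mutates objects admitted to the cluster, so the grant should be cut to what the init step actually uses. The function body continues outside the hunk, so the following is inferred from its name: if it only creates and refreshes a single configuration, one marker with `verbs=create` and a second with `resourceNames=<webhook-config-name>,verbs=get;update;patch` (placeholder name, the real one is not on this page) would cover it. `create` cannot be limited by `resourceNames`, and `list`, `watch` and `delete` look unneeded here.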
@@ -22,6 +22,7 @@ import (
 //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/finalizers,verbs=update
+//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // MutationHandler validates Kubernetes resources using the KCL source.
 type MutationHandler struct {
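Review bot: The marker added above `MutationHandler` duplicates the one placed in cmd/webhook-init/main.go, and nothing visible in this hunk shows the handler itself reading or writing `mutatingwebhookconfigurations`. RBAC markers are easiest to audit when they sit next to the code that uses the permission; here the line implies that the long-running admission handler needs to manage webhook registrations. If only the init command does that, drop this line and, where the deployment allows it, bind the admissionregistration rule to a role used solely by webhook-init instead of the shared `webhook-role`, so the serving process does not hold it. The struct definition continues outside the hunk.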