This issue appears because k8s does not support annotation filtering in webhooks.
Now we have a configuration file for mutating webhook: https://github.com/networkservicemesh/deployments-k8s/pull/10139/files#diff-44daa96e3cdba7c4414e87f6831e06bd63a9984e606efc8a5cd7e4d7829d6850
These mutations will be applied to all resources by default. The idea of the new functionality is to add labels to all resources that should be affected by the webhook mutation, and configure filtering by labels in the webhook configuration file. This problem was described here: #282 but it looks like the "scope" field is not applicable for this purpose. Most likely using objectSelector and namespaceSelector with matchLabel may lead to necessary resource filtering, something similar is done in the Kuma webhook configuration: https://github.com/kumahq/kuma/blob/6f86847aee5d50fd912aeaaa8f5470427f127676/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml#L610
https://github.com/kumahq/kuma/blob/6f86847aee5d50fd912aeaaa8f5470427f127676/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml#L588
We already have labelling support for namespaces so let's add labelling support for all other resources
Label example: networkservicemesh.io: "nsm-1://kernel/value"
This issue appears because k8s does not support annotation filtering in webhooks.
Now we have a configuration file for mutating webhook: https://github.com/networkservicemesh/deployments-k8s/pull/10139/files#diff-44daa96e3cdba7c4414e87f6831e06bd63a9984e606efc8a5cd7e4d7829d6850
These mutations will be applied to all resources by default. The idea of the new functionality is to add labels to all resources that should be affected by the webhook mutation, and configure filtering by labels in the webhook configuration file. This problem was described here: #282 but it looks like the "scope" field is not applicable for this purpose. Most likely using
objectSelectorandnamespaceSelectorwithmatchLabelmay lead to necessary resource filtering, something similar is done in the Kuma webhook configuration: https://github.com/kumahq/kuma/blob/6f86847aee5d50fd912aeaaa8f5470427f127676/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml#L610https://github.com/kumahq/kuma/blob/6f86847aee5d50fd912aeaaa8f5470427f127676/app/kumactl/cmd/install/testdata/install-control-plane.with-helm-values.yaml#L588
We already have labelling support for namespaces so let's add labelling support for all other resources
Label example:
networkservicemesh.io: "nsm-1://kernel/value"