src/test/resources/sample/mutation/mutation.glue.yaml

apiVersion: io.javaoperatorsdk.operator.glue/v1beta1
kind: Glue
metadata:
  name: mutation-webhook-deployment
spec:
  childResources:
    - name: service
      resource:
        apiVersion: v1
        kind: Service
        metadata:
          name: pod-mutating-hook
        spec:
          ports:
            - name: https
              port: 443
              protocol: TCP
              targetPort: 443
          selector:
            app.kubernetes.io/name: pod-mutating-hook
            app.kubernetes.io/version: 0.1.0
          type: NodePort
    - name: deployment
      readyPostCondition:
        type: ReadyCondition
      resource:
        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: pod-mutating-hook
        spec:
          replicas: 1
          selector:
            matchLabels:
              app.kubernetes.io/name: pod-mutating-hook
              app.kubernetes.io/version: 0.1.0
          template:
            metadata:
              labels:
                app.kubernetes.io/name: pod-mutating-hook
                app.kubernetes.io/version: 0.1.0
              namespace: default
            spec:
              containers:
                - env:
                    - name: KUBERNETES_NAMESPACE
                      valueFrom:
                        fieldRef:
                          fieldPath: metadata.namespace
                    - name: QUARKUS_HTTP_SSL_CERTIFICATE_KEY_STORE_FILE
                      value: /etc/certs/keystore.p12
                    - name: QUARKUS_HTTP_SSL_CERTIFICATE_KEY_STORE_FILE_TYPE
                      value: PKCS12
                    - name: QUARKUS_HTTP_SSL_CERTIFICATE_KEY_STORE_PASSWORD
                      valueFrom:
                        secretKeyRef:
                          key: password
                          name: pkcs12-pass
                  image: ghcr.io/csviri/sample-pod-mutating-webhook:0.1.0
                  imagePullPolicy: IfNotPresent
                  name: pod-mutating-hook
                  ports:
                    - containerPort: 443
                      name: https
                      protocol: TCP
                  volumeMounts:
                    - mountPath: /etc/certs
                      name: sample-pod-mutating-webhook
                      readOnly: true
              serviceAccountName: pod-mutating-hook
              volumes:
                - name: sample-pod-mutating-webhook
                  secret:
                    optional: false
                    secretName: tls-secret
    - name: mutation_hook_config
      clusterScoped: true
      dependsOn:
        - deployment
        - service
      resource:
        apiVersion: admissionregistration.k8s.io/v1
        kind: MutatingWebhookConfiguration
        metadata:
          annotations:
            cert-manager.io/inject-ca-from: default/sample-pod-mutating-webhook
          name: pod-mutating-webhook
        webhooks:
          - admissionReviewVersions:
              - v1
            clientConfig:
              service:
                name: pod-mutating-hook
                namespace: default
                path: /mutate
            failurePolicy: Fail
            name: sample.mutating.webhook
            rules:
              - apiGroups:
                  - ""
                apiVersions:
                  - v1
                operations:
                  - UPDATE
                  - CREATE
                resources:
                  - pods
            sideEffects: None
            timeoutSeconds: 5
              