Fix kyverno webhook namespace selectors (#434)

* Fix kyverno webhook namespace selectors * Fix waiting for kyverno webhook
timebertt · Jan 19, 2025 · 0064efc · 0064efc
1 parent 637af40
commit 0064efc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/hack/config/kyverno/kustomization.yaml b/hack/config/kyverno/kustomization.yaml
@@ -14,7 +14,7 @@ configMapGenerator:
   # overwrite default namespaceSelector for webhook configs to exclude kube-system
   # the second part makes gardeners care controller/webhook remediation happy
   - >-
-    webhooks=[{
+    webhooks={
       "namespaceSelector": {
         "matchExpressions": [{
           "key": "kubernetes.io/metadata.name",
@@ -26,4 +26,4 @@ configMapGenerator:
           "values": ["kube-system"]
         }]
       }
-    }]
+    }
diff --git a/hack/config/skaffold.yaml b/hack/config/skaffold.yaml
@@ -111,7 +111,7 @@ deploy:
               - |
                 for i in $(seq 1 20); do
                   # create dummy policy with dry-run enabled to test availability of webhook
-                  if kubectl create --raw "/apis/kyverno.io/v1/clusterpolicies?dryRun=All" -f <(echo '{"apiVersion": "kyverno.io/v1", "kind": "ClusterPolicy", "metadata": {"name": "test"}, "spec": {}}') >/dev/null ; then
+                  if kubectl create --dry-run=server -f <(yq '.metadata.name |= "test-kyverno"' hack/config/policy/shoot/sharder-scheduling.yaml) ; then
                     exit 0
                   fi
                   echo "Waiting until kyverno webhook is ready to handle policy creation"