Skip to content

Add ClusterInformation write-protection to webhook config#4499

Open
caseydavenport wants to merge 2 commits intotigera:masterfrom
caseydavenport:caseydavenport/clusterinfo-write-protect
Open

Add ClusterInformation write-protection to webhook config#4499
caseydavenport wants to merge 2 commits intotigera:masterfrom
caseydavenport:caseydavenport/clusterinfo-write-protect

Conversation

@caseydavenport
Copy link
Member

@caseydavenport caseydavenport commented Mar 5, 2026

Adds clusterinformations to the ValidatingWebhookConfiguration managed by the operator. This routes Create/Update/Delete requests to the /cluster-info handler on the webhook server, which blocks writes from non-system users — matching the behavior of the aggregated API server.

The handler itself is in projectcalico/calico#12010.

Ref: CORE-12369

@caseydavenport
Add ClusterInformation to ValidatingWebhookConfiguration
0f00f53 
Register the ClusterInformation write-protection webhook in the
ValidatingWebhookConfiguration. This routes Create/Update/Delete
requests for clusterinformations to the /cluster-info handler on
the webhook server, which blocks writes from non-system users.

The handler itself is implemented in projectcalico/calico#12010.

Ref: CORE-12369
@caseydavenport caseydavenport requested a review from a team as a code owner March 5, 2026 20:52
@marvin-tigera marvin-tigera added this to the v1.42.0 milestone Mar 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

docs-not-required release-note-not-required

Projects

None yet

Milestone

v1.42.0

Development

Successfully merging this pull request may close these issues.

2 participants

@caseydavenport @marvin-tigera