From f0c709452f879d6304b8506b9baeda743ceed8db Mon Sep 17 00:00:00 2001
From: Miguel Duarte Barroso <mdbarroso@redhat.com>
Date: Fri, 10 May 2024 17:39:52 +0200
Subject: [PATCH] deploy, webhook: only listen to kubevirt launcher pod
 creation events

This way, the webhook is less disruptive in the cluster - i.e. it will
only impact KubeVirt VM workloads.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
---
 config/default/kustomization.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index 2f746b38..6bbfcd2d 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -22,6 +22,17 @@ resources:
 patches:
 - path: manager_webhook_patch.yaml
 - path: webhookcainjection_patch.yaml
+- patch: |-
+    - op: add
+      path: /webhooks/0/objectSelector
+      value:
+        matchLabels:
+          kubevirt.io: virt-launcher
+  target:
+    kind: MutatingWebhookConfiguration
+    group: admissionregistration.k8s.io
+    version: v1
+    name: mutating-webhook-configuration
 
 replacements:
   - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs