Multiple ValidatingWebhookConfiguration objects in the cluster will collide
Summary
Related to #601 (closed)
The ValidatingWebhookConfiguration objects we deploy to the cluster can collide because they do not limit which GitLab CRs are accepted.
This is primarily a problem in our CI, but could pose a problem for anyone deploying multiple instances of the Operator to a single cluster.
For example, if VWC 1, 2, and 3 are applied to a cluster, all requests seem to get routed to VWC 1 (i.e. the oldest resource).
Looking at the VWC docs, I expect that we'll need to use further scoping configuration to ensure each webhook only accepts CRs applied to the related namespace.
Acceptance criteria
-
When multiple VWCs are deployed to a cluster, each one only accepts CRs applied to the related namespace.
Edited by Mitchell Nielsen