csheremeta
diff --git a/‎build/selectorsyncset.yaml‎
Lines changed: 0 additions & 32 deletions b/‎build/selectorsyncset.yaml‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎docs/webhooks-short.json‎
Lines changed: 2 additions & 18 deletions b/‎docs/webhooks-short.json‎
Lines changed: 2 additions & 18 deletions
diff --git a/‎docs/webhooks.json‎
Lines changed: 9 additions & 134 deletions b/‎docs/webhooks.json‎
Lines changed: 9 additions & 134 deletions
diff --git a/‎pkg/webhooks/add_ingresscontroller.go‎
Lines changed: 0 additions & 9 deletions b/‎pkg/webhooks/add_ingresscontroller.go‎
Lines changed: 0 additions & 9 deletions
@@ -207,38 +207,6 @@ objects:
           scope: Cluster
         sideEffects: None
         timeoutSeconds: 2
-    - apiVersion: admissionregistration.k8s.io/v1
-      kind: ValidatingWebhookConfiguration
-      metadata:
-        annotations:
-          service.beta.openshift.io/inject-cabundle: "true"
-        creationTimestamp: null
-        name: sre-ingresscontroller-validation
-      webhooks:
-      - admissionReviewVersions:
-        - v1
-        clientConfig:
-          service:
-            name: validation-webhook
-            namespace: openshift-validation-webhook
-            path: /ingresscontroller-validation
-        failurePolicy: Ignore
-        matchPolicy: Equivalent
-        name: ingresscontroller-validation.managed.openshift.io
-        rules:
-        - apiGroups:
-          - operator.openshift.io
-          apiVersions:
-          - '*'
-          operations:
-          - CREATE
-          - UPDATE
-          resources:
-          - ingresscontroller
-          - ingresscontrollers
-          scope: Namespaced
-        sideEffects: None
-        timeoutSeconds: 1
     - apiVersion: admissionregistration.k8s.io/v1
       kind: ValidatingWebhookConfiguration
       metadata:
 
@@ -7,14 +7,6 @@
     "webhookName": "hiveownership-validation",
     "documentString": "Managed OpenShift customers may not edit certain managed resources. A managed resource has a \"hive.openshift.io/managed\": \"true\" label."
   },
-  {
-    "webhookName": "imagecontentpolicies-validation",
-    "documentString": "Managed OpenShift customers may not create ImageContentSourcePolicy, ImageDigestMirrorSet, or ImageTagMirrorSet resources that configure mirrors for the entirety of quay.io, registry.redhat.io, nor registry.access.redhat.com. If needed, specific repositories can have mirrors configured, such as quay.io/example."
-  },
-  {
-    "webhookName": "ingresscontroller-validation",
-    "documentString": "Managed OpenShift Customer may create IngressControllers without necessary taints. This can cause those workloads to be provisioned on infra or master nodes."
-  },
   {
     "webhookName": "namespace-validation",
     "documentString": "Managed OpenShift Customers may not modify namespaces specified in the [openshift-monitoring/addons-namespaces openshift-monitoring/managed-namespaces openshift-monitoring/ocp-namespaces] ConfigMaps because customer workloads should be placed in customer-created namespaces. Customers may not create namespaces identified by this regular expression (^com$|^io$|^in$) because it could interfere with critical DNS resolution. Additionally, customers may not set or change the values of these Namespace labels [managed.openshift.io/storage-pv-quota-exempt managed.openshift.io/service-lb-quota-exempt]."
@@ -23,21 +15,13 @@
     "webhookName": "pod-validation",
     "documentString": "Managed OpenShift Customers may use tolerations on Pods that could cause those Pods to be scheduled on infra or master nodes."
   },
-  {
-    "webhookName": "prometheusrule-validation",
-    "documentString": "Managed OpenShift Customers may not create PrometheusRule in namespaces managed by Red Hat."
-  },
   {
     "webhookName": "regular-user-validation",
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [network.openshift.io admissionregistration.k8s.io cloudingress.managed.openshift.io config.openshift.io cloudcredential.openshift.io addons.managed.openshift.io upgrade.managed.openshift.io autoscaling.openshift.io machineconfiguration.openshift.io operator.openshift.io machine.openshift.io splunkforwarder.managed.openshift.io managed.openshift.io ocmagent.managed.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
-  },
-  {
-    "webhookName": "regular-user-validation-osd",
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [], nor may Managed OpenShift customers alter the Node objects."
+    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [autoscaling.openshift.io config.openshift.io operator.openshift.io network.openshift.io machine.openshift.io admissionregistration.k8s.io splunkforwarder.managed.openshift.io upgrade.managed.openshift.io ocmagent.managed.openshift.io cloudcredential.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io managed.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Node or SubjectPermission objects."
   },
   {
     "webhookName": "scc-validation",
-    "documentString": "Managed OpenShift Customers may not modify the following default SCCs: [anyuid hostaccess hostmount-anyuid hostnetwork hostnetwork-v2 node-exporter nonroot nonroot-v2 privileged restricted restricted-v2]"
+    "documentString": "Managed OpenShift Customers may not modify the following default SCCs: [anyuid hostaccess hostmount-anyuid hostnetwork node-exporter nonroot privileged restricted]"
   },
   {
     "webhookName": "techpreviewnoupgrade-validation",
 
@@ -48,68 +48,6 @@
     },
     "documentString": "Managed OpenShift customers may not edit certain managed resources. A managed resource has a \"hive.openshift.io/managed\": \"true\" label."
   },
-  {
-    "webhookName": "imagecontentpolicies-validation",
-    "rules": [
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE"
-        ],
-        "apiGroups": [
-          "config.openshift.io"
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "imagedigestmirrorsets",
-          "imagetagmirrorsets"
-        ],
-        "scope": "Cluster"
-      },
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE"
-        ],
-        "apiGroups": [
-          "operator.openshift.io"
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "imagecontentsourcepolicies"
-        ],
-        "scope": "Cluster"
-      }
-    ],
-    "documentString": "Managed OpenShift customers may not create ImageContentSourcePolicy, ImageDigestMirrorSet, or ImageTagMirrorSet resources that configure mirrors for the entirety of quay.io, registry.redhat.io, nor registry.access.redhat.com. If needed, specific repositories can have mirrors configured, such as quay.io/example."
-  },
-  {
-    "webhookName": "ingresscontroller-validation",
-    "rules": [
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE"
-        ],
-        "apiGroups": [
-          "operator.openshift.io/v1"
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "ingresscontroller",
-          "ingresscontrollers"
-        ],
-        "scope": "Namespaced"
-      }
-    ],
-    "documentString": "Managed OpenShift Customer may create IngressControllers without necessary taints. This can cause those workloads to be provisioned on infra or master nodes."
-  },
   {
     "webhookName": "namespace-validation",
     "rules": [
@@ -154,29 +92,6 @@
     ],
     "documentString": "Managed OpenShift Customers may use tolerations on Pods that could cause those Pods to be scheduled on infra or master nodes."
   },
-  {
-    "webhookName": "prometheusrule-validation",
-    "rules": [
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE",
-          "DELETE"
-        ],
-        "apiGroups": [
-          "monitoring.coreos.com"
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "prometheusrules"
-        ],
-        "scope": "Namespaced"
-      }
-    ],
-    "documentString": "Managed OpenShift Customers may not create PrometheusRule in namespaces managed by Red Hat."
-  },
   {
     "webhookName": "regular-user-validation",
     "rules": [
@@ -233,25 +148,7 @@
           "clusterversions",
           "clusterversions/status",
           "schedulers",
-          "apiservers",
-          "proxies"
-        ],
-        "scope": "*"
-      },
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE",
-          "DELETE"
-        ],
-        "apiGroups": [
-          ""
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "configmaps"
+          "apiservers"
         ],
         "scope": "*"
       },
@@ -260,14 +157,14 @@
           "*"
         ],
         "apiGroups": [
-          "machineconfiguration.openshift.io"
+          "operator.openshift.io"
         ],
         "apiVersions": [
           "*"
         ],
         "resources": [
-          "machineconfigs",
-          "machineconfigpools"
+          "kubeapiservers",
+          "openshiftapiservers"
         ],
         "scope": "*"
       },
@@ -276,14 +173,14 @@
           "*"
         ],
         "apiGroups": [
-          "operator.openshift.io"
+          ""
         ],
         "apiVersions": [
           "*"
         ],
         "resources": [
-          "kubeapiservers",
-          "openshiftapiservers"
+          "nodes",
+          "nodes/*"
         ],
         "scope": "*"
       },
@@ -320,29 +217,7 @@
         "scope": "*"
       }
     ],
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [admissionregistration.k8s.io config.openshift.io operator.openshift.io network.openshift.io cloudcredential.openshift.io machine.openshift.io managed.openshift.io machineconfiguration.openshift.io autoscaling.openshift.io addons.managed.openshift.io ocmagent.managed.openshift.io splunkforwarder.managed.openshift.io upgrade.managed.openshift.io cloudingress.managed.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
-  },
-  {
-    "webhookName": "regular-user-validation-osd",
-    "rules": [
-      {
-        "operations": [
-          "*"
-        ],
-        "apiGroups": [
-          ""
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "nodes",
-          "nodes/*"
-        ],
-        "scope": "*"
-      }
-    ],
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [], nor may Managed OpenShift customers alter the Node objects."
+    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [network.openshift.io cloudcredential.openshift.io managed.openshift.io ocmagent.managed.openshift.io upgrade.managed.openshift.io config.openshift.io operator.openshift.io machine.openshift.io admissionregistration.k8s.io addons.managed.openshift.io cloudingress.managed.openshift.io splunkforwarder.managed.openshift.io autoscaling.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Node or SubjectPermission objects."
   },
   {
     "webhookName": "scc-validation",
@@ -364,7 +239,7 @@
         "scope": "Cluster"
       }
     ],
-    "documentString": "Managed OpenShift Customers may not modify the following default SCCs: [anyuid hostaccess hostmount-anyuid hostnetwork hostnetwork-v2 node-exporter nonroot nonroot-v2 privileged restricted restricted-v2]"
+    "documentString": "Managed OpenShift Customers may not modify the following default SCCs: [anyuid hostaccess hostmount-anyuid hostnetwork node-exporter nonroot privileged restricted]"
   },
   {
     "webhookName": "techpreviewnoupgrade-validation",