csheremeta
diff --git a/‎build/selectorsyncset.yaml‎
Lines changed: 0 additions & 32 deletions b/‎build/selectorsyncset.yaml‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎docs/webhooks-short.json‎
Lines changed: 1 addition & 5 deletions b/‎docs/webhooks-short.json‎
Lines changed: 1 addition & 5 deletions
diff --git a/‎docs/webhooks.json‎
Lines changed: 1 addition & 24 deletions b/‎docs/webhooks.json‎
Lines changed: 1 addition & 24 deletions
diff --git a/‎pkg/webhooks/add_ingresscontroller.go‎
Lines changed: 0 additions & 9 deletions b/‎pkg/webhooks/add_ingresscontroller.go‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎pkg/webhooks/ingresscontroller/ingresscontroller.go‎
Lines changed: 0 additions & 187 deletions b/‎pkg/webhooks/ingresscontroller/ingresscontroller.go‎
Lines changed: 0 additions & 187 deletions
@@ -237,38 +237,6 @@ objects:
           scope: Cluster
         sideEffects: None
         timeoutSeconds: 2
-    - apiVersion: admissionregistration.k8s.io/v1
-      kind: ValidatingWebhookConfiguration
-      metadata:
-        annotations:
-          service.beta.openshift.io/inject-cabundle: "true"
-        creationTimestamp: null
-        name: sre-ingresscontroller-validation
-      webhooks:
-      - admissionReviewVersions:
-        - v1
-        clientConfig:
-          service:
-            name: validation-webhook
-            namespace: openshift-validation-webhook
-            path: /ingresscontroller-validation
-        failurePolicy: Ignore
-        matchPolicy: Equivalent
-        name: ingresscontroller-validation.managed.openshift.io
-        rules:
-        - apiGroups:
-          - operator.openshift.io
-          apiVersions:
-          - '*'
-          operations:
-          - CREATE
-          - UPDATE
-          resources:
-          - ingresscontroller
-          - ingresscontrollers
-          scope: Namespaced
-        sideEffects: None
-        timeoutSeconds: 1
     - apiVersion: admissionregistration.k8s.io/v1
       kind: ValidatingWebhookConfiguration
       metadata:
 
@@ -15,10 +15,6 @@
     "webhookName": "imagecontentpolicies-validation",
     "documentString": "Managed OpenShift customers may not create ImageContentSourcePolicy, ImageDigestMirrorSet, or ImageTagMirrorSet resources that configure mirrors for the entirety of quay.io, registry.redhat.io, nor registry.access.redhat.com. If needed, specific repositories can have mirrors configured, such as quay.io/example."
   },
-  {
-    "webhookName": "ingresscontroller-validation",
-    "documentString": "Managed OpenShift Customer may create IngressControllers without necessary taints. This can cause those workloads to be provisioned on infra or master nodes."
-  },
   {
     "webhookName": "namespace-validation",
     "documentString": "Managed OpenShift Customers may not modify namespaces specified in the [openshift-monitoring/addons-namespaces openshift-monitoring/managed-namespaces openshift-monitoring/ocp-namespaces] ConfigMaps because customer workloads should be placed in customer-created namespaces. Customers may not create namespaces identified by this regular expression (^com$|^io$|^in$) because it could interfere with critical DNS resolution. Additionally, customers may not set or change the values of these Namespace labels [managed.openshift.io/storage-pv-quota-exempt managed.openshift.io/service-lb-quota-exempt]."
@@ -33,7 +29,7 @@
   },
   {
     "webhookName": "regular-user-validation",
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [autoscaling.openshift.io cloudcredential.openshift.io admissionregistration.k8s.io ocmagent.managed.openshift.io upgrade.managed.openshift.io machine.openshift.io managed.openshift.io operator.openshift.io splunkforwarder.managed.openshift.io network.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io config.openshift.io machineconfiguration.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
+    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [cloudcredential.openshift.io machine.openshift.io admissionregistration.k8s.io operator.openshift.io splunkforwarder.managed.openshift.io upgrade.managed.openshift.io machineconfiguration.openshift.io managed.openshift.io ocmagent.managed.openshift.io network.openshift.io config.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io autoscaling.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
   },
   {
     "webhookName": "regular-user-validation-osd",
 
@@ -108,29 +108,6 @@
     ],
     "documentString": "Managed OpenShift customers may not create ImageContentSourcePolicy, ImageDigestMirrorSet, or ImageTagMirrorSet resources that configure mirrors for the entirety of quay.io, registry.redhat.io, nor registry.access.redhat.com. If needed, specific repositories can have mirrors configured, such as quay.io/example."
   },
-  {
-    "webhookName": "ingresscontroller-validation",
-    "rules": [
-      {
-        "operations": [
-          "CREATE",
-          "UPDATE"
-        ],
-        "apiGroups": [
-          "operator.openshift.io"
-        ],
-        "apiVersions": [
-          "*"
-        ],
-        "resources": [
-          "ingresscontroller",
-          "ingresscontrollers"
-        ],
-        "scope": "Namespaced"
-      }
-    ],
-    "documentString": "Managed OpenShift Customer may create IngressControllers without necessary taints. This can cause those workloads to be provisioned on infra or master nodes."
-  },
   {
     "webhookName": "namespace-validation",
     "rules": [
@@ -341,7 +318,7 @@
         "scope": "*"
       }
     ],
-    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [operator.openshift.io splunkforwarder.managed.openshift.io config.openshift.io upgrade.managed.openshift.io autoscaling.openshift.io machineconfiguration.openshift.io network.openshift.io cloudcredential.openshift.io managed.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io ocmagent.managed.openshift.io machine.openshift.io admissionregistration.k8s.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
+    "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [addons.managed.openshift.io ocmagent.managed.openshift.io operator.openshift.io network.openshift.io admissionregistration.k8s.io cloudingress.managed.openshift.io splunkforwarder.managed.openshift.io upgrade.managed.openshift.io config.openshift.io cloudcredential.openshift.io machine.openshift.io managed.openshift.io autoscaling.openshift.io machineconfiguration.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
   },
   {
     "webhookName": "regular-user-validation-osd",
Original file line number	Diff line number	Diff line change
`@@ -15,10 +15,6 @@`
`15`	`15`	`"webhookName": "imagecontentpolicies-validation",`
`16`	`16`	`"documentString": "Managed OpenShift customers may not create ImageContentSourcePolicy, ImageDigestMirrorSet, or ImageTagMirrorSet resources that configure mirrors for the entirety of quay.io, registry.redhat.io, nor registry.access.redhat.com. If needed, specific repositories can have mirrors configured, such as quay.io/example."`
`17`	`17`	`},`
`18`		`- {`
`19`		`- "webhookName": "ingresscontroller-validation",`
`20`		`- "documentString": "Managed OpenShift Customer may create IngressControllers without necessary taints. This can cause those workloads to be provisioned on infra or master nodes."`
`21`		`- },`
`22`	`18`	`{`
`23`	`19`	`"webhookName": "namespace-validation",`
`24`	`20`	"documentString": "Managed OpenShift Customers may not modify namespaces specified in the [openshift-monitoring/addons-namespaces openshift-monitoring/managed-namespaces openshift-monitoring/ocp-namespaces] ConfigMaps because customer workloads should be placed in customer-created namespaces. Customers may not create namespaces identified by this regular expression (^com$\|^io$\|^in$) because it could interfere with critical DNS resolution. Additionally, customers may not set or change the values of these Namespace labels [managed.openshift.io/storage-pv-quota-exempt managed.openshift.io/service-lb-quota-exempt]."
`@@ -33,7 +29,7 @@`
`33`	`29`	`},`
`34`	`30`	`{`
`35`	`31`	`"webhookName": "regular-user-validation",`
`36`		- "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [autoscaling.openshift.io cloudcredential.openshift.io admissionregistration.k8s.io ocmagent.managed.openshift.io upgrade.managed.openshift.io machine.openshift.io managed.openshift.io operator.openshift.io splunkforwarder.managed.openshift.io network.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io config.openshift.io machineconfiguration.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
	`32`	+ "documentString": "Managed OpenShift customers may not manage any objects in the following APIgroups [cloudcredential.openshift.io machine.openshift.io admissionregistration.k8s.io operator.openshift.io splunkforwarder.managed.openshift.io upgrade.managed.openshift.io machineconfiguration.openshift.io managed.openshift.io ocmagent.managed.openshift.io network.openshift.io config.openshift.io addons.managed.openshift.io cloudingress.managed.openshift.io autoscaling.openshift.io], nor may Managed OpenShift customers alter the APIServer, KubeAPIServer, OpenShiftAPIServer, ClusterVersion, Proxy or SubjectPermission objects."
`37`	`33`	`},`
`38`	`34`	`{`
`39`	`35`	`"webhookName": "regular-user-validation-osd",`