Add default labels and ignored namespaces, improved build chain

[alanhughes]

Would be nice to be able to apply default labels to pods for all namespaces (with configurable ignored ones)

[liangrog]

Hi there, Thanks for the pull request. What is your use case here for the default label/ignore namespaces? The current design is whitelist style. If using default label, it's the opposite of the design. It could confuse the end user when configuring. Moreover, if only defining default label, it can cause issues for system level of namespaces such as kube-system or daemonset type of pod.

[alanhughes]

Hi @liangrog . Our use case is that we want to be able to apply different NodeSelectors to pods in some namespaces, and then for pods in all other namespaces we want to have the same NodeSelector applied. In our use-case, the majority of namespaces will be created by end-users, and we want to avoid having to reconfigure the podNodesSelectorConfig env var each time a new namespace comes up.

Using the IGNORED_NAMESPACES env var, one can exclude namespaces from having the 'default' NodeSelector applied. Also, further namespace filtering is done within the webhook server, e.g. to ensure that the NodeSelector is not applied to pods in kube-system.

[liangrog]

I'll take the idea onboard however whitelist and blacklist style need to be mutually exclusive. In addition, it must has some checks making sure namespaces like kube-sytem are required to be setup mandatorily. I suggest to have those new features for the next release. I'll work on it once I got some breathing room.

[liangrog]

Considered and added to proposed https://github.com/liangrog/admission-webhook-server/issues/4