From 6f4b104c9e6cb8adb15933b77779ed530c96521d Mon Sep 17 00:00:00 2001
From: Mengqi Yu <mengqiy@google.com>
Date: Thu, 18 Apr 2019 10:30:04 -0700
Subject: [PATCH 1/2] add admission webhook types in the default cluster-scoped
 resource list

---
 pkg/gvk/gvk.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pkg/gvk/gvk.go b/pkg/gvk/gvk.go
index 890c8e8b5..43ef3fbf5 100644
--- a/pkg/gvk/gvk.go
+++ b/pkg/gvk/gvk.go
@@ -158,6 +158,8 @@ var clusterLevelKinds = []string{
 	"CustomResourceDefinition",
 	"Namespace",
 	"PersistentVolume",
+	"MutatingWebhookConfiguration",
+	"ValidatingWebhookConfiguration",
 }
 
 // IsClusterKind returns true if x is a cluster-level Gvk

From bcb697eb0b11ebbf53f6e9f10b5d9c9a9c6a4b52 Mon Sep 17 00:00:00 2001
From: Mengqi Yu <mengqiy@google.com>
Date: Thu, 18 Apr 2019 10:31:17 -0700
Subject: [PATCH 2/2] fix namespace transformer for cluster-scoped resources

---
 pkg/transformers/namespace.go | 81 +++++++++++++++++++++++------------
 1 file changed, 54 insertions(+), 27 deletions(-)

diff --git a/pkg/transformers/namespace.go b/pkg/transformers/namespace.go
index 3087ad8e7..b47ccdede 100644
--- a/pkg/transformers/namespace.go
+++ b/pkg/transformers/namespace.go
@@ -48,14 +48,65 @@ func NewNamespaceTransformer(ns string, cf []config.FieldSpec) Transformer {
 
 // Transform adds the namespace.
 func (o *namespaceTransformer) Transform(m resmap.ResMap) error {
-	mf := resmap.ResMap{}
+	mf := o.filterResmap(m)
 
+	for id := range mf {
+		objMap := mf[id].Map()
+		for _, path := range o.fieldSpecsToUse {
+			switch path.Path {
+			// Special casing .metadata.namespace since it is a common metadata field across all runtime.Object
+			// We should add namespace if it's namespaced resource; otherwise, we should not.
+			case "metadata/namespace":
+				if id.Gvk().IsSelected(&path.Gvk) && !id.Gvk().IsClusterKind() {
+					if len(objMap) > 0 {
+						err := mutateField(
+							objMap, path.PathSlice(), path.CreateIfNotPresent,
+							func(_ interface{}) (interface{}, error) {
+								return o.namespace, nil
+							})
+						if err != nil {
+							return err
+						}
+					}
+				}
+			default:
+				if !id.Gvk().IsSelected(&path.Gvk) {
+					continue
+				}
+				// make sure the object is non empty
+				if len(objMap) > 0 {
+					err := mutateField(
+						objMap, path.PathSlice(), path.CreateIfNotPresent,
+						func(_ interface{}) (interface{}, error) {
+							return o.namespace, nil
+						})
+					if err != nil {
+						return err
+					}
+				}
+			}
+
+			if !id.Gvk().IsClusterKind() {
+				newid := id.CopyWithNewNamespace(o.namespace)
+				m[newid] = mf[id]
+			} else {
+				m[id] = mf[id]
+			}
+		}
+	}
+	o.updateClusterRoleBinding(m)
+	return nil
+}
+
+func (o *namespaceTransformer) filterResmap(m resmap.ResMap) resmap.ResMap {
+	mf := resmap.ResMap{}
 	for id := range m {
 		found := false
 		for _, path := range o.fieldSpecsToSkip {
 			if id.Gvk().IsSelected(&path.Gvk) {
 				found = true
-				break
+				mf[id] = m[id]
+				delete(m, id)
 			}
 		}
 		if !found {
@@ -63,31 +114,7 @@ func (o *namespaceTransformer) Transform(m resmap.ResMap) error {
 			delete(m, id)
 		}
 	}
-
-	for id := range mf {
-		objMap := mf[id].Map()
-		for _, path := range o.fieldSpecsToUse {
-			if !id.Gvk().IsSelected(&path.Gvk) {
-				continue
-			}
-			// make sure the object is non empty
-			if len(objMap) > 0 {
-				err := mutateField(
-					objMap, path.PathSlice(), path.CreateIfNotPresent,
-					func(_ interface{}) (interface{}, error) {
-						return o.namespace, nil
-					})
-				if err != nil {
-					return err
-				}
-			}
-			newid := id.CopyWithNewNamespace(o.namespace)
-			m[newid] = mf[id]
-		}
-
-	}
-	o.updateClusterRoleBinding(m)
-	return nil
+	return mf
 }
 
 func (o *namespaceTransformer) updateClusterRoleBinding(m resmap.ResMap) {