row.Cells = append(row.Cells, table.NewCell(wa.Reason))
		return row
	})
	w.AddHeader("WEBHOOK", "REVISION", "INJECTED", "REASON")
	injectedTotal := 0
	for _, ws := range was {
		if ws.Injected {
			injectedTotal++
		}
		w.AddRow(ws)
	}
	w.Flush()
	if injectedTotal > 1 {
		fmt.Fprintf(writer, "ERROR: multiple webhooks will inject, which can lead to errors")
	}
	return nil
}

enable the integration of custom authentication methods, MinIO can be configured with an Identity Management Plugin webhook. When configured, this plugin enables the `AssumeRoleWithCustomToken` STS API extension. A user or application can now present a token to the `AssumeRoleWithCustomToken` API, and MinIO verifies this token by sending it to the Identity Management Plugin webhook. This plugin responds with some information and MinIO is able to generate temporary STS credentials to interact with...

#### Webhooks

Istio contains both Validation and Mutating webhook configurations. These need a `caBundle` specified in order to provision the TLS trust. Because Istiod's CA certificate is somewhat dynamic, this is patched at runtime (rather than part of the install). The webhook controllers handle this patching.

	scannerLastActivitySecondsMD = NewGaugeMD(scannerLastActivitySeconds,
		"Time elapsed (in seconds) since last scan activity.")
)

// loadClusterScannerMetrics - `MetricsLoaderFn` for cluster webhook
// such as failed objects and directories scanned.
func loadClusterScannerMetrics(ctx context.Context, m MetricValues, c *metricsCache) error {

### Logger webhook metrics

Metrics about MinIO logger webhooks.

| Path              | Description                         |
|-------------------|-------------------------------------|
| `/logger/webhook` | Metrics related to logger webhooks. |

#### `/logger/webhook`

}

// DefaultLambdaKVS - default notification list of kvs.
var (
	DefaultLambdaKVS = map[string]config.KVS{
		config.LambdaWebhookSubSys: DefaultWebhookKVS,
	}
)

// DefaultWebhookKVS - default KV for webhook config
var (
	DefaultWebhookKVS = config.KVS{
		config.KV{
			Key:   config.Enable,
			Value: config.EnableOff,
		},
		config.KV{
			Key:   target.WebhookEndpoint,
			Value: "",
		},

10.244.0.156:6443                                HEALTHY                  outbound|443||cert-manager-istio-csr.cert-manager.svc.cluster.local
10.244.0.139:10250                               HEALTHY                  outbound|443||cert-manager-webhook.cert-manager.svc.cluster.local
10.244.0.142:9402                                HEALTHY                  outbound|9402||cert-manager.cert-manager.svc.cluster.local

  // Annotations is a list of key-value pairs extracted from the Pod's annotations.
  // It only includes keys which match the pattern `*.image-policy.k8s.io/*`.
  // It is up to each webhook backend to determine how to interpret these annotations, if at all.
  // +optional
  map<string, string> annotations = 2;

  // Namespace is the namespace the pod is being created in.
  // +optional

                {
                    "endpoint_config": {
                        "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment",
                        "cluster_name": "outbound|443||cert-manager-webhook.cert-manager.svc.cluster.local",
                        "endpoints": [
                            {
                                "locality": {},
                                "lb_endpoints": [

			endpoint := getCfgVal(legacyEnvLoggerHTTPEndpoint, target, "")
			if endpoint == "" {
				continue
			}
			url, err := xnet.ParseHTTPURL(endpoint)
			if err != nil {
				LogOnceIf(ctx, "logging", err, "logger-webhook-"+endpoint)
				continue
			}
			cfg.HTTP[target] = http.Config{
				Enabled:  true,
				Endpoint: url,
			}
		}

	case config.AuditWebhookSubSys:
		// List legacy audit ENVs if any.