Put back in.

charts/gardener-extension-admission-metal/charts/runtime/templates/deployment.yaml

@@ -78,6 +78,10 @@ spec:
           value: {{ $value | quote }}
 {{- end }}
 {{- end }}
+        {{- if .Values.global.virtualGarden.enabled }}
+        - name: SOURCE_CLUSTER
+          value: enabled
+        {{- end }}
         ports:
         - name: webhook-server
           containerPort: {{ .Values.global.webhookConfig.serverPort }}

pkg/admission/validator/secretbinding.go

@@ -25,7 +25,7 @@ func NewSecretBindingValidator(mgr manager.Manager) extensionswebhook.Validator
 	}
 }
 
-// Validate checks whether the given SecretBinding refers to a Secret with valid AWS credentials.
+// Validate checks whether the given SecretBinding refers to a Secret with valid metal-api credentials.
 func (sb *secretBinding) Validate(ctx context.Context, newObj, oldObj client.Object) error {
 	secretBinding, ok := newObj.(*core.SecretBinding)
 	if !ok {

pkg/admission/validator/secrets.go

@@ -19,7 +19,7 @@ func NewSecretValidator() extensionswebhook.Validator {
 	return &secret{}
 }
 
-// Validate checks whether the given new secret contains valid AWS credentials.
+// Validate checks whether the given new secret contains valid metal-api credentials.
 func (s *secret) Validate(_ context.Context, newObj, oldObj client.Object) error {
 	secret, ok := newObj.(*corev1.Secret)
 	if !ok {

pkg/apis/metal/validation/secrets.go

@@ -8,7 +8,7 @@ import (
 	"github.com/metal-stack/gardener-extension-provider-metal/pkg/metal"
 )
 
-// ValidateCloudProviderSecret checks whether the given secret contains a valid AWS access keys.
+// ValidateCloudProviderSecret checks whether the given secret contains a valid metal-api credentials.
 func ValidateCloudProviderSecret(secret *corev1.Secret) error {
 	creds, err := metal.ReadCredentialsSecret(secret)
 	if err != nil {