Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

allow one to specify namespace or object selectors #43

Merged
merged 2 commits into from
Oct 6, 2021
Merged

allow one to specify namespace or object selectors #43

merged 2 commits into from
Oct 6, 2021

Conversation

KhrisRichardson-BO
Copy link
Contributor

Without this, if one were to set the webhook policy to Fail, a k8s-image-swapper pod would not be allowed to be created by kube-apiserver.

@KhrisRichardson-BO KhrisRichardson-BO force-pushed the mutating-webhook-configuration-selectors branch from f7de701 to 1127048 Compare October 6, 2021 01:13
@estahn
Copy link
Owner

estahn commented Oct 6, 2021

@KhrisRichardson-BO Thanks for the PR.

Imo the point of setting the policy to Fail is to prevent the creation of the pod, otherwise, you can just set it to Ignore.

@KhrisRichardson-BO
Copy link
Contributor Author

@estahn I want the pod creation to fail if the mutation fails for whatever reason. I've observed a few instances where the image pull and push succeeded, but the pod spec mutation does not, resulting in the pod running with the public vs. private image repository, which is especially troublesome for nodes that cannot egress to the public image repository (i.e. - k8s-image-swapper runs on a tainted node that has permissions to egress).

@estahn
Copy link
Owner

estahn commented Oct 6, 2021

@KhrisRichardson-BO I see. I think it makes sense to have the ability to preselect what should be mutated by the webhook. Let's get it merged :)

@KhrisRichardson-BO KhrisRichardson-BO force-pushed the mutating-webhook-configuration-selectors branch 2 times, most recently from b883ae6 to cb6fd75 Compare October 6, 2021 01:24
@KhrisRichardson-BO KhrisRichardson-BO force-pushed the mutating-webhook-configuration-selectors branch from cb6fd75 to 31d5d9e Compare October 6, 2021 01:26
@estahn
Copy link
Owner

estahn commented Oct 6, 2021

@KhrisRichardson-BO Please ignore lint-test. I need to fix up the integration test.

estahn
estahn requested changes Oct 6, 2021
View reviewed changes
Copy link
Owner

@estahn estahn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, missed that.

@KhrisRichardson-BO KhrisRichardson-BO force-pushed the mutating-webhook-configuration-selectors branch from 31d5d9e to 48dde24 Compare October 6, 2021 01:32
@estahn estahn merged commit eb591ca into estahn:main Oct 6, 2021
@KhrisRichardson-BO KhrisRichardson-BO deleted the mutating-webhook-configuration-selectors branch October 6, 2021 01:39
@KhrisRichardson-BO
Copy link
Contributor Author

Thanks, Enrico

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@estahn estahn estahn requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KhrisRichardson-BO @estahn