-
Notifications
You must be signed in to change notification settings - Fork 193
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After KCC is set up, the validationwebhook intercepts deletion of even non-kcc CRDs #758
Comments
@koustubh25 could you please share more details on step 2? Do you have a sample YAML which shows how you set the default netpols? |
thanks for the reply @diviner524
But, my question really is - is it necessary for the the validationwebhookconfiguration or would it be better if the webhook has an objectSelector like this
|
@koustubh25 Thanks for providing the YAML! Yes your are correct. An objectSelector can be introduced to specify this webhook only affects KCC CRDs. We will add that. |
This was fixed in KCC v1.100.0. |
Checklist
Bug Description
Config Connector Version
Kubernetes Version
I have KCC set up in namespaced mode on GKE cluster. I also have other CRDs (non KCC) installed in the same cluster. When I try to delete the other CRDs (non KCC), the validation webhook configuration intercepts it.
This is not desirable to me for reasons described in the Log Output section.
I found this issue #202 which is somewhat related, but it focuses more on the KCC uninstallation process.
Additional Diagnostic Information
I see the config for
abandon-on-uninstall.cnrm.cloud.google.com
validation webhook isWould it be better if it has selector so that it only intercepts kcc CRDs? e.g. adding this to the validation webhook
Or is there any way I can do this already?
Kubernetes Cluster Version
GKE v1.23.14-gke.1800
Config Connector Version
1.99.0
Config Connector Mode
namespaced mode (default)
Log Output
In my case, I have a number of CRDs (some are namespace scoped) in the cluster and the default netpols is deny all, so I end up with below, when I try to delete them
I get this error when I try to delete the CRD
certificaterequests.cert-manager.io
Steps to reproduce the issue
Pre-requisite:
Have other non KCC CRDs (namespace scoped) in the cluster
Have the default netpols as deny all
Set up config connector in k8s cluster in namespaced mode https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual
Delete any non KCC CRD in the cluster
You will see that the webhook call times out.
YAML snippets
No response
The text was updated successfully, but these errors were encountered: