Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webhook entry doesn't filter resources #282

Open
d-uzlov opened this issue May 10, 2023 · 0 comments
Open

Webhook entry doesn't filter resources #282

d-uzlov opened this issue May 10, 2023 · 0 comments
Labels
good first issue Good for newcomers

Comments

@d-uzlov
Copy link

d-uzlov commented May 10, 2023
edited
Loading

Currently the app doesn't specify any limits to matching resources when it registers the webhook, which results in a webhook with scope set to *, which means it matches any resources, regardless of labels, annotations, etc.

cmd-admission-webhook-k8s/internal/k8s/selfregister.go

Lines 91 to 105 in cf9eb5f

Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
Rule: admissionv1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"pods"},
},
},
{
Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
Rule: admissionv1.Rule{
APIGroups: []string{"apps"},
APIVersions: []string{"v1"},
Resources: []string{"deployments", "statefulsets", "daemonsets", "replicasets"},
},
},

If the app is unavailable for any reason and k8s can't successfully call it when creating or updating a resource, the create/update action will fail, even if the resource doesn't have anything to do with NSM.
@d-uzlov d-uzlov mentioned this issue Oct 18, 2023
Merged
9 tasks
@dualBreath dualBreath mentioned this issue Nov 2, 2023
Open
@denis-tingaikin denis-tingaikin added the good first issue Good for newcomers label Apr 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers
Projects
Backlog
Status: No status
Milestone
No milestone
Development

No branches or pull requests
2 participants
@d-uzlov @denis-tingaikin