Event: Move event recording in ValidatingWebhook to controller

Question

Event: Move event recording in ValidatingWebhook to controller

devholic opened this issue 2 months ago · comments

Background

As @hiddeco pointed out, recording Events on ValidatingWebhook doesn't guarantee that the given event is really happened or not because other ValidatingWebhook in cluster can affect the result of validation.

Proposal

Instead of recording events in ValidatingWebhook,

MutatingWebhook annotates event payload to target resources
Controller records event in initial phase of reconciliation loop if payload presents in annotation and clear from annotations

References

Admission Control Phases

Kent Rancourt commented 2 months ago

Agreed.

Kent Rancourt · Answer 1 · Tue Apr 16 2024 21:54:51 GMT+0800 (China Standard Time)

@devholic I'll leave it up to you whether this needs to be changed in the v0.6.0 timeline or if the current behavior is acceptable for now, making this lower priority. Your call.

Sunghoon Kang · Answer 2 · Tue Apr 16 2024 23:37:38 GMT+0800 (China Standard Time)

@krancour Focusing on event tracking itself has higher priority for v0.6.0, so I think we can do this after v0.6.0 is released.