webhooks enabled by default

Question

webhooks enabled by default

ianb-mp opened this issue 8 months ago · comments

According to the quickstart quide webhooks should be disabled by default and yet it appears to be enabled by default!?

I followed the install instructions in the quickstart guide and did not set ENABLE_ADMISSION_CONTROLLER=true. The install appears to have been successful, however I see a couple of pods that are failing to start:

$ kubectl get pods -n sriov-network-operator
NAME                                      READY   STATUS              RESTARTS   AGE
network-resources-injector-kmx4n          0/1     ContainerCreating   0          2d18h
operator-webhook-sr7jc                    0/1     ContainerCreating   0          2d18h
sriov-network-operator-7c76968557-wpfqn   1/1     Running             0          2d18h

If I describe the webhook and network-resources pods I see these event messages:

Events:
  Type     Reason       Age                     From     Message
  ----     ------       ----                    ----     -------
  Warning  FailedMount  59m (x1743 over 2d18h)  kubelet  Unable to attach or mount volumes: unmounted volumes=[tls], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition
  Warning  FailedMount  49m (x1955 over 2d18h)  kubelet  MountVolume.SetUp failed for volume "tls" : secret "operator-webhook-service" not found
  Warning  FailedMount  12m (x23 over 42m)      kubelet  MountVolume.SetUp failed for volume "tls" : secret "operator-webhook-service" not found
  Warning  FailedMount  2m11s (x18 over 40m)    kubelet  Unable to attach or mount volumes: unmounted volumes=[tls], unattached volumes=[], failed to process volumes=[]: timed out waiting for the condition

I'm using Kubernetes v1.27.7+k3s2

Fred Rolland · Answer 1 · Wed Dec 06 2023 16:27:55 GMT+0800 (China Standard Time)

Hey, how did you deployed? Did you use a make target?

Ian Bishop · Answer 2 · Thu Dec 07 2023 06:23:05 GMT+0800 (China Standard Time)

I used make deploy-setup-k8s. I did a complete reinstall (for other reasons) and had the same issue on the second attempt. Installing cert-manager as per the quickstart instructions has resolved the issue.

Ian Bishop · Answer 3 · Thu Dec 07 2023 06:36:51 GMT+0800 (China Standard Time)

Unless I'm mistaken, the Makefile will set ENABLE_ADMISSION_CONTROLLER to be true unless the variable is already set prior to make being called. Would it make sense to modify the Makefile like this? master...ianb-mp:sriov-network-operator:patch-1

Adrian Chiris · Answer 4 · Thu Dec 07 2023 22:48:41 GMT+0800 (China Standard Time)

im fine with disabling by default to align with quickstart guide.