-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ignored namespaces aren't skipped for Deployment pods #52
Comments
I've logged this PR to address the issue: #53. I'm also interested in #44 though. Is there any utility in having the ignored namespaces in the code at all? Could this not be achieved more flexibly with a namespaceSelector on the webhook itself? That would unblock people (like myself) who would like to use the injector in kube-system. |
I personally think that will be a great improvement. |
Updated #53 to remove the ignored namespaces feature from the code altogether. |
* no message * service is array of service namespace and selector (no need for service name right now) * fix type * fix mistake * simple comment * better and fix tumblr#52 * fix review comment * disable the inject all option * fix comment * not sure why does this files changed but I see we need to check it them * delete travis yaml
What's going on?
The metadata of the CREATE request object doesn't always contain the namespace or the name of the pod. This seems to be the case when the pod is launched on behalf of a Deployment. It doesn't seem to be the case with StatefulSets or a bare Pod. I haven't tested Jobs or CronJobs or any other controllers.
The check for ignored namespaces uses
metadata.namespace
to perform the comparison, so pods in kube-system and kube-public aren't skipped for Deployment pods.Additionally, some logging statements are missing the namespace and name:
Expected Behavior
List of ignored namespaces should be respected for all pod admission requests, regardless of the source.
Reproducer
This is the Deployment I've been using to test:
Version Deets
1.18.5
,1.19.1
k8s-sidecar-injector
Version:release-v0.5.0
The text was updated successfully, but these errors were encountered: