After KCC is set up, the validationwebhook intercepts deletion of even non-kcc CRDs #758
Closed
3 tasks done
Labels
bug
Something isn't working
Checklist
Bug Description
Config Connector Version
Kubernetes Version
I have KCC set up in namespaced mode on GKE cluster. I also have other CRDs (non KCC) installed in the same cluster. When I try to delete the other CRDs (non KCC), the validation webhook configuration intercepts it.
This is not desirable to me for reasons described in the Log Output section.
I found this issue #202 which is somewhat related, but it focuses more on the KCC uninstallation process.
Additional Diagnostic Information
I see the config for
abandon-on-uninstall.cnrm.cloud.google.com
validation webhook isWould it be better if it has selector so that it only intercepts kcc CRDs? e.g. adding this to the validation webhook
Or is there any way I can do this already?
Kubernetes Cluster Version
GKE v1.23.14-gke.1800
Config Connector Version
1.99.0
Config Connector Mode
namespaced mode (default)
Log Output
In my case, I have a number of CRDs (some are namespace scoped) in the cluster and the default netpols is deny all, so I end up with below, when I try to delete them
I get this error when I try to delete the CRD
certificaterequests.cert-manager.io
Steps to reproduce the issue
Pre-requisite:
Have other non KCC CRDs (namespace scoped) in the cluster
Have the default netpols as deny all
Set up config connector in k8s cluster in namespaced mode https://cloud.google.com/config-connector/docs/how-to/advanced-install#manual
Delete any non KCC CRD in the cluster
You will see that the webhook call times out.
YAML snippets
No response
The text was updated successfully, but these errors were encountered: