Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: block policy admission if kyverno is down #5677

Merged
merged 4 commits into from
Dec 16, 2022
Merged

fix: block policy admission if kyverno is down #5677

merged 4 commits into from
Dec 16, 2022

Conversation

eddycharly
Copy link
Member

Signed-off-by: Charles-Edouard Brétéché charles.edouard@nirmata.com

Explanation

This PR blocks policy admission if kyverno is down.

Related issue

Fixes #5371

What type of PR is this

/kind bug

@eddycharly
fix: block policy admission if kyverno is down
3e4a3b6 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
@eddycharly eddycharly added this to the Kyverno Release 1.9.0 milestone Dec 13, 2022
@codecov
Copy link

codecov bot commented Dec 13, 2022
edited

Codecov Report

Merging #5677 (f0e399b) into main (8fd841a) will not change coverage.
The diff coverage is 0.00%.

@@           Coverage Diff           @@
##             main    #5677   +/-   ##
=======================================
  Coverage   34.42%   34.42%           
=======================================
  Files         191      191           
  Lines       21146    21146           
=======================================
  Hits         7280     7280           
  Misses      13065    13065           
  Partials      801      801
Impacted Files Coverage Δ
pkg/controllers/webhook/controller.go 0.00% <0.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@chipzoller
Copy link
Member

Does this work by configuring the policy webhook to a failure mode of Fail?

@realshuting
Copy link
Member

realshuting commented Dec 16, 2022
edited

Does this work by configuring the policy webhook to a failure mode of Fail?

yes, I think so. FailurePolicy Fail rejects requests when fails to call the webhook:

Fail means that an error calling the webhook causes the admission to fail and the API request to be rejected.

@realshuting realshuting enabled auto-merge (squash) December 16, 2022 06:15
@realshuting realshuting merged commit a34bbaa into kyverno:main Dec 16, 2022
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Dec 29, 2022
@eddycharly @realshuting @MdSahil-oss
fix: block policy admission if kyverno is down (kyverno#5677)
63f2b71 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: Md Sahil <Mohdssahil1@gmail.com>
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Jan 11, 2023
@eddycharly @realshuting @MdSahil-oss
fix: block policy admission if kyverno is down (kyverno#5677)
08e3a0b 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
MdSahil-oss pushed a commit to MdSahil-oss/kyverno that referenced this pull request Jan 11, 2023
@eddycharly @realshuting @MdSahil-oss
fix: block policy admission if kyverno is down (kyverno#5677)
a53b3cd 
Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
Co-authored-by: shuting <shuting@nirmata.com>
Signed-off-by: MdSahil-oss <Mohdssahil1@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@realshuting realshuting realshuting approved these changes

@chipzoller chipzoller Awaiting requested review from chipzoller

@JimBugwadia JimBugwadia Awaiting requested review from JimBugwadia

Assignees
No one assigned
Labels
milestone 1.9.0
Projects
None yet
Milestone
Kyverno Release 1.9.0
Development

Successfully merging this pull request may close these issues.

Handle policy validation when kyverno pod is down
3 participants
@eddycharly @chipzoller @realshuting