Gatekeeper Mutator doesn't re-apply mutations to rescheduled pods #3295
Labels
bug
Something isn't working
Comments
|
Since ceph pods are controlled by the Rook operator we mutated the deployments instead of pods and resolved the issue of mutations not persisting. |
|
Interesting. There is no reason why the mutations would not get re-applied, I wonder if this was a webhook failure? In any case, glad you found a workaround. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What steps did you take and what happened:
Using mutations I apply SELinux contexts to pods and it works properly to give them contexts. On node failure that causes pods to reschedule/restart the mutations do not persist/dont get re-applied causing the pods to error out and not start due to SEL.
What did you expect to happen:
Rescheduled pods persist mutations.
Environment:
We are applying these contexts to Rook/Ceph pods.
kubectl version): {Major:"1", Minor:"24", GitVersion:"v1.24.15+rke2r1", GitCommit:"2c67202dc0bb96a7a837cbfb8d72e1f34dfc2808", GitTreeState:"clean", BuildDate:"2023-06-14T21:17:38Z", GoVersion:"go1.19.10 X:boringcrypto", Compiler:"gc", Platform:"linux/amd64"}The text was updated successfully, but these errors were encountered: