[Release-1.26] - rke2-snapshot-validation-webhook fails to get endpoints while the pod returns ready

[brandond]

Backport fix for rke2-snapshot-validation-webhook fails to get endpoints while the pod returns ready

• rke2-snapshot-validation-webhook fails to get endpoints while the pod returns ready #5519

[ShylajaDevadiga]

Validated fix on rke2 version v1.26.14-rc3+rke2r1

Environment Details

Infrastructure
Cloud EC2 instance

Node(s) CPU architecture, OS, and Version:

cat /etc/os-release 
ec2-user@ip-172-31-4-114:~> cat /etc/os-release
NAME="SLES"
VERSION="15-SP4"
VERSION_ID="15.4"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP4"

Cluster Configuration:
3 server 1 agent

Config.yaml:

cat /etc/rancher/rke2/config,yaml
write-kubeconfig-mode: "0644"
tls-san:
  - fake.fqdn.value
node-name: ip-172-31-4-114.us-east-2.compute.internal
profile: cis-1.23
cni: calico

Steps to validate

1. Install rke2 in cis mode on ha setup
2. Check endpoint for rke2-snapshot-validation-webhook

Validation results:

ec2-user@ip-172-31-12-188:~> rke2 -v
rke2 version v1.26.14-rc3+rke2r1 (93518400c62043756be7e321480bcd5f19f42bbf)
go version go1.21.7 X:boringcrypto
ec2-user@ip-172-31-12-188:~> kubectl get endpoints -n kube-system rke2-snapshot-validation-webhook
NAME                               ENDPOINTS           AGE
rke2-snapshot-validation-webhook   10.42.87.202:8443   3h28m
ec2-user@ip-172-31-12-188:~> kubectl create -f - <<EOF
> apiVersion: snapshot.storage.k8s.io/v1
> kind: VolumeSnapshot
> metadata:
>   name: bad-snapshot-demo
>   namespace: default
> spec:
>   source:
>     persistentVolumeClaimName: csi-pvc
>   volumeSnapshotClassName: ""
> EOF
Error from server: error when creating "STDIN": admission webhook "rke2-snapshot-validation-webhook.csi.kubernetes.io" denied the request: Spec.VolumeSnapshotClassName must not be the empty string
ec2-user@ip-172-31-12-188:~>