Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
Currently, the admission controller is watching all namespaces and tries to validate all configmap changes. But we only need to validate the yunikorn-related changes.
Example:
$ kubectl logs yunikorn-admission-controller-695869b547-qtfpg ... 2021-10-04T11:52:19.379Z INFO webhook/webhook.go:83 the admission controller started {"port": 9089, "listeningOn": ["/mutate", "/validate-conf"]} $ kubectl create namespace testnamespace namespace/testnamespace created $ kubectl create configmap my-config --from-literal=mykey=myval --namespace=testnamespace configmap/my-config created $ kubectl get cm NAME DATA AGE yunikorn-configs 1 11m $ kubectl get cm --namespace=testnamespace NAME DATA AGE my-config 1 17s $ kubectl logs yunikorn-admission-controller-695869b547-qtfpg ... 2021-10-04T11:52:19.379Z INFO webhook/webhook.go:83 the admission controller started {"port": 9089, "listeningOn": ["/mutate", "/validate-conf"]} 2021-10-04T12:03:57.806Z INFO webhook/admission_controller.go:304 AdmissionReviewResponse {"allowed": true}
We need something like the following in validations.yaml.template:
namespaceSelector: matchLabels: yunikorn
This problem was originally found by kmarton.
Attachments
Issue Links
- links to