-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't trigger any webhook on kube-system #11647
Labels
Comments
mateiidavid
pushed a commit
that referenced
this issue
Nov 30, 2023
…or (#11649) Linkerd's control plane will skip webhook requests for resources in kube-system. The same configuration should be applied for other webhooks, i.e. tap and jaeger injectors. This change allows users to skip webhook on kube-system by default for tap and jaeger injector. Closes #11647 Signed-off-by: Takumi Sue <[email protected]>
mateiidavid
added a commit
that referenced
this issue
Nov 30, 2023
This edge release introduces new configuration values in the identity controller for client-go's `QPS` and `Burst` settings. Default values for these settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and `200` respectively. * Added `namespaceSelector` fields for the tap-injector and jaeger-injector webhooks. The webhooks are now configured to skip `kube-system` by default ([#11649]; fixes [#11647]) (thanks @mikutas!) * Added the ability to configure client-go's `QPS` and `Burst` settings in the identity controller ([#11644]) * Improved client-go logging visibility throughout the control plane's components ([#11632]) * Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!) [#11649]: #11649 [#11647]: #11647 [#11644]: #11644 [#11632]: #11632 [#11628]: #11628 [#11248]: #11248 Signed-off-by: Matei David <[email protected]>
Merged
mateiidavid
added a commit
that referenced
this issue
Dec 1, 2023
This edge release introduces new configuration values in the identity controller for client-go's `QPS` and `Burst` settings. Default values for these settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and `200` respectively. * Added `namespaceSelector` fields for the tap-injector and jaeger-injector webhooks. The webhooks are now configured to skip `kube-system` by default ([#11649]; fixes [#11647]) (thanks @mikutas!) * Added the ability to configure client-go's `QPS` and `Burst` settings in the identity controller ([#11644]) * Improved client-go logging visibility throughout the control plane's components ([#11632]) * Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!) [#11649]: #11649 [#11647]: #11647 [#11644]: #11644 [#11632]: #11632 [#11628]: #11628 [#11248]: #11248 Signed-off-by: Matei David <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Currently the proxy-injector skips the kube-system namespace by default in its MutatingWebhookConfiguration namespaceSelector. We should do the same for the tap-injector and the jaeger-injector, whose selectors are currently empty. Although innocuous, this is currently generating a warning, in the Google Cloud Console for example (see https://linkerd.slack.com/archives/C89RTCWJF/p1700493518265689)
The text was updated successfully, but these errors were encountered: