Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't trigger any webhook on kube-system #11647

Closed
alpeb opened this issue Nov 23, 2023 · 0 comments · Fixed by #11649 or #11675
Closed

Don't trigger any webhook on kube-system #11647

alpeb opened this issue Nov 23, 2023 · 0 comments · Fixed by #11649 or #11675

Comments

@alpeb
Copy link
Member

alpeb commented Nov 23, 2023

Currently the proxy-injector skips the kube-system namespace by default in its MutatingWebhookConfiguration namespaceSelector. We should do the same for the tap-injector and the jaeger-injector, whose selectors are currently empty. Although innocuous, this is currently generating a warning, in the Google Cloud Console for example (see https://linkerd.slack.com/archives/C89RTCWJF/p1700493518265689)

mateiidavid pushed a commit that referenced this issue Nov 30, 2023
…or (#11649)

Linkerd's control plane will skip webhook requests for resources in kube-system. The same configuration should be applied for other webhooks, i.e. tap and jaeger injectors. This change allows users to skip webhook on kube-system by default for tap and jaeger injector.

Closes #11647

Signed-off-by: Takumi Sue <[email protected]>
mateiidavid added a commit that referenced this issue Nov 30, 2023
This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: #11649
[#11647]: #11647
[#11644]: #11644
[#11632]: #11632
[#11628]: #11628
[#11248]: #11248

Signed-off-by: Matei David <[email protected]>
mateiidavid added a commit that referenced this issue Dec 1, 2023
This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: #11649
[#11647]: #11647
[#11644]: #11644
[#11632]: #11632
[#11628]: #11628
[#11248]: #11248

Signed-off-by: Matei David <[email protected]>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
1 participant