Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

set GVK on AdmissionReview responses in webhook #296

Merged
merged 2 commits into from
Sep 11, 2021
Merged

set GVK on AdmissionReview responses in webhook #296

merged 2 commits into from
Sep 11, 2021

Conversation

ravilr
Copy link
Contributor

@ravilr ravilr commented Sep 7, 2021

Specifying multiple admissionReviewVersions in webhook config with v1 as the first version causes untyped (no GVK) AdmissionReview responses to fail with an error:

failed calling webhook \"vault.hashicorp.com\": expected webhook response of admission.k8s.io/v1, Kind=AdmissionReview, got /, Kind="

This error results from the kube-apiserver checking response type for v1.AdmissionReview's but not for v1beta1's. Hence, set the AdmissionReview response object's GVK to the request's type if it exists or defaulting to v1. with this change, eitheradmissionReviewVersions: ["v1beta1", "v1"] or admissionReviewVersions: ["v1", "v1beta1"] in webhookconfiguration spec works correctly as expected.

  • Also fix a typo in deploy/injector-mutating-webhook.yaml manifest.

@hashicorp-cla
Copy link

hashicorp-cla commented Sep 7, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

ravilr
ravilr commented Sep 7, 2021
View reviewed changes
agent-inject/agent/config.go
@@ -177,7 +177,7 @@ func (a *Agent) newConfig(init bool) ([]byte, error) {
},
Templates: a.newTemplateConfigs(),
TemplateConfig: &TemplateConfig{
ExitOnRetryFailure: a.VaultAgentTemplateConfig.ExitOnRetryFailure,
ExitOnRetryFailure: a.VaultAgentTemplateConfig.ExitOnRetryFailure,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

make fmt/gofmt change.

@ravilr
Copy link
Contributor Author

ravilr commented Sep 8, 2021

@tvoran PTAL as this is updating #273..

@ravilr ravilr mentioned this pull request Sep 10, 2021
Closed
tvoran
tvoran approved these changes Sep 11, 2021
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! This tested great for me, much appreciated.

@tvoran tvoran merged commit 8c072c7 into hashicorp:master Sep 11, 2021
@ravilr ravilr deleted the webhook_typed_response branch September 13, 2021 06:17
RemcoBuddelmeijer pushed a commit to RemcoBuddelmeijer/vault-k8s that referenced this pull request Feb 22, 2022
@ravilr
set GVK on AdmissionReview responses in webhook (hashicorp#296)
b79d59b 
also fix typo in webhook deploy manifests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

webhook should write typed AdmissionReview response with GVK set
3 participants
@ravilr @hashicorp-cla @tvoran