Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't trigger any webhook on kube-system #11647

Closed
alpeb opened this issue Nov 23, 2023 · 0 comments · Fixed by #11649 or #11675
Closed

Don't trigger any webhook on kube-system #11647

alpeb opened this issue Nov 23, 2023 · 0 comments · Fixed by #11649 or #11675
Labels
good first issue help wanted

Comments

@alpeb
Copy link
Member

alpeb commented Nov 23, 2023

Currently the proxy-injector skips the kube-system namespace by default in its MutatingWebhookConfiguration namespaceSelector. We should do the same for the tap-injector and the jaeger-injector, whose selectors are currently empty. Although innocuous, this is currently generating a warning, in the Google Cloud Console for example (see https://linkerd.slack.com/archives/C89RTCWJF/p1700493518265689)
@mikutas mikutas mentioned this issue Nov 24, 2023
Merged
mateiidavid pushed a commit that referenced this issue Nov 30, 2023
@mikutas
Skip webhook on kube-system by default for tap-injector/jaeger-inject…
1da8fcc 
…or (#11649)

Linkerd's control plane will skip webhook requests for resources in kube-system. The same configuration should be applied for other webhooks, i.e. tap and jaeger injectors. This change allows users to skip webhook on kube-system by default for tap and jaeger injector.

Closes #11647

Signed-off-by: Takumi Sue <u630868b@alumni.osaka-u.ac.jp>
mateiidavid added a commit that referenced this issue Nov 30, 2023
@mateiidavid
edge-23.12.1
4f0b9b3 
This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: #11649
[#11647]: #11647
[#11644]: #11644
[#11632]: #11632
[#11628]: #11628
[#11248]: #11248

Signed-off-by: Matei David <matei@buoyant.io>
@mateiidavid mateiidavid mentioned this issue Nov 30, 2023
Merged
mateiidavid added a commit that referenced this issue Dec 1, 2023
@mateiidavid
edge-23.12.1 (#11675)
d0ca071 
This edge release introduces new configuration values in the identity
controller for client-go's `QPS` and `Burst` settings. Default values for these
settings have also been raised from `5` (QPS) and `10` (Burst) to `100` and
`200` respectively.

* Added `namespaceSelector` fields for the tap-injector and jaeger-injector
  webhooks. The webhooks are now configured to skip `kube-system` by default
  ([#11649]; fixes [#11647]) (thanks @mikutas!)
* Added the ability to configure client-go's `QPS` and `Burst` settings in the
  identity controller ([#11644])
* Improved client-go logging visibility throughout the control plane's
  components ([#11632])
* Introduced `PodDisruptionBudgets` in the linkerd-viz Helm chart for tap and
  tap-injector ([#11628]; fixes [#11248]) (thanks @mcharriere!)

[#11649]: #11649
[#11647]: #11647
[#11644]: #11644
[#11632]: #11632
[#11628]: #11628
[#11248]: #11248

Signed-off-by: Matei David <matei@buoyant.io>
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 31, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
good first issue help wanted
Projects
None yet
Milestone
No milestone
1 participant
@alpeb