Comments (3)
tested with the simple poddefault example in /tests/integration in an air-gapped environment, the poddefault was applied as expected in spite of the TLS errors.
workload container logs:
2023-09-01T07:55:51.005Z [pebble] GET /v1/checks?names=admission-webhook-up 52.665µs 200
2023-09-01T07:56:15.821Z [admission-webhook] 2023/09/01 07:56:15 http: TLS handshake error from [::1]:42064: EOF
2023-09-01T07:56:45.821Z [admission-webhook] 2023/09/01 07:56:45 http: TLS handshake error from [::1]:46242: EOF
2023-09-01T07:57:15.822Z [admission-webhook] 2023/09/01 07:57:15 http: TLS handshake error from [::1]:36116: EOF
2023-09-01T07:57:29.319Z [admission-webhook] I0901 07:57:29.319109 13 main.go:598] Entering mutatePods in mutating webhook
2023-09-01T07:57:29.319Z [admission-webhook] I0901 07:57:29.319360 13 main.go:624] Looking at pod annotations, found: map[kubectl.kubernetes.io/last-applied-configuration:{"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{},"labels":{"access-ml-pipeline":"true"},"name":"testpod","namespace":"test-admission-webhook-user-namespace"},"spec":{"containers":[{"args":["while true; do sleep 3600; done"],"command":["/bin/bash","-c","--"],"image":"172.17.0.2:5000/minio/minio:RELEASE.2021-09-03T03-56-13Z","imagePullPolicy":"Always","name":"ubuntu"}]}}
2023-09-01T07:57:29.319Z [admission-webhook] ]
2023-09-01T07:57:29.524Z [admission-webhook] I0901 07:57:29.523992 13 main.go:644] fetched 1 poddefault(s) in namespace test-admission-webhook-user-namespace
2023-09-01T07:57:29.524Z [admission-webhook] I0901 07:57:29.524048 13 main.go:660] 1 matching pod defaults, for pod testpod
2023-09-01T07:57:29.524Z [admission-webhook] I0901 07:57:29.524059 13 main.go:666] Matching PD detected of count 1, patching spec
2023-09-01T07:57:29.524Z [admission-webhook] I0901 07:57:29.524083 13 main.go:479] mutating pod: testpod
2023-09-01T07:57:29.524Z [admission-webhook] I0901 07:57:29.524102 13 main.go:681] applied poddefaults: access-ml-pipeline successfully on Pod: testpod
2023-09-01T07:57:45.821Z [admission-webhook] 2023/09/01 07:57:45 http: TLS handshake error from [::1]:41702: EOF
2023-09-01T07:58:15.821Z [admission-webhook] 2023/09/01 07:58:15 http: TLS handshake error from [::1]:51300: EOF
2023-09-01T07:58:45.821Z [admission-webhook] 2023/09/01 07:58:45 http: TLS handshake error from [::1]:52200: EOF
It seems that the TLS error does not affect the functionality of the webhook operator.
will need to confirm this when doing bundle testing in airgapped.
from admission-webhook-operator.
tried creating a notebook in air-gapped, the pod-default wasn't applied as expected
logs from admission-webhook:
2023-09-21T22:55:45.570Z [admission-webhook] 2023/09/21 22:55:45 http: TLS handshake error from [::1]:56262: EOF
2023-09-21T22:56:15.570Z [admission-webhook] 2023/09/21 22:56:15 http: TLS handshake error from [::1]:41634: EOF
2023-09-21T22:56:45.570Z [admission-webhook] 2023/09/21 22:56:45 http: TLS handshake error from [::1]:53972: EOF
2023-09-21T22:56:58.329Z [pebble] GET /v1/checks?names=admission-webhook-up 54.67µs 200
2023-09-21T22:57:15.570Z [admission-webhook] 2023/09/21 22:57:15 http: TLS handshake error from [::1]:55470: EOF
2023-09-21T22:57:38.939Z [admission-webhook] I0921 22:57:38.939819 13 main.go:598] Entering mutatePods in mutating webhook
2023-09-21T22:57:38.940Z [admission-webhook] I0921 22:57:38.940462 13 main.go:598] Entering mutatePods in mutating webhook
2023-09-21T22:57:40.007Z [admission-webhook] I0921 22:57:40.007746 13 request.go:665] Waited for 1.01705739s due to client-side throttling, not priority and fairness, request: GET:https://10.152.183.1:443/apis/machinelearning.seldon.io/v1?timeout=32s
2023-09-21T22:57:40.615Z [admission-webhook] I0921 22:57:40.614642 13 main.go:644] fetched 1 poddefault(s) in namespace profilename
2023-09-21T22:57:40.617Z [admission-webhook] I0921 22:57:40.617480 13 main.go:644] fetched 1 poddefault(s) in namespace profilename
2023-09-21T22:57:45.570Z [admission-webhook] 2023/09/21 22:57:45 http: TLS handshake error from [::1]:58420: EOF
2023-09-21T22:58:15.570Z [admission-webhook] 2023/09/21 22:58:15 http: TLS handshake error from [::1]:44606: EOF
2023-09-21T22:58:16.417Z [admission-webhook] I0921 22:58:16.416987 13 main.go:598] Entering mutatePods in mutating webhook
2023-09-21T22:58:17.467Z [admission-webhook] I0921 22:58:17.467713 13 request.go:665] Waited for 1.046999552s due to client-side throttling, not priority and fairness, request: GET:https://10.152.183.1:443/apis/apiextensions.k8s.io/v1?timeout=32s
2023-09-21T22:58:18.073Z [admission-webhook] I0921 22:58:18.073845 13 main.go:644] fetched 1 poddefault(s) in namespace profilename
2023-09-21T22:58:45.570Z [admission-webhook] 2023/09/21 22:58:45 http: TLS handshake error from [::1]:52854: EOF
2023-09-21T22:59:15.569Z [admission-webhook] 2023/09/21 22:59:15 http: TLS handshake error from [::1]:53128: EOF
2023-09-21T22:59:45.570Z [admission-webhook] 2023/09/21 22:59:45 http: TLS handshake error from [::1]:47726: EOF
2023-09-21T23:00:15.570Z [admission-webhook] 2023/09/21 23:00:15 http: TLS handshake error from [::1]:45644: EOF
I still need to investigate what is causing this, whether it's related to the TLS handshake error.
from admission-webhook-operator.
This issue is possibly related to kubeflow/kubeflow#6708
We're not sure why it's only happening in air-gapped
from admission-webhook-operator.
Related Issues (17)
- latest/edge charm stuck in maintenance with `Workload failed health check`
- Make charm's images configurable in track/<last-version> branch HOT 2
- `MutatingWebhook` namespace selector missing, giving it wider scope than intended HOT 1
- Integration CI "passes" even if charm goes to `Error` HOT 2
- Add missing unit tests
- Admission webhook using incorrect certificate after restart HOT 3
- poddefaults go into wrong namespace HOT 2
- kubeflow deploy deadlocks after deploying admission-webhook HOT 4
- Admission Webhook charm rewrite using sidecar pattern HOT 1
- `mutatingwebhookconfiguration`/`validatingwebhookconfiguration` objects left behind after application removal HOT 3
- Fix update status handler
- incorrect on_remove logs
- Missing aggregtaion ClusterRoles
- Upgrade test is failing in CI due to authorization issues
- Missing pod-defaults interface
- `MutatingWebhookConfiguration` conflict when upgrading from 1.6 to 1.7 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from admission-webhook-operator.