Peter Bacsko created YUNIKORN-871:
-------------------------------------
Summary: Admission controller should only validate yunikorn
configmap changes
Key: YUNIKORN-871
URL: https://issues.apache.org/jira/browse/YUNIKORN-871
Project: Apache YuniKorn
Issue Type: Bug
Components: shim - kubernetes
Reporter: Peter Bacsko
Currently, the admission controller is watching all namespaces and tries to
validate all configmap changes. But we only need to validate the
yunikorn-related changes.
Example:
{noformat}
$ kubectl logs yunikorn-admission-controller-695869b547-qtfpg
...
2021-10-04T11:52:19.379Z INFO webhook/webhook.go:83 the admission
controller started {"port": 9089, "listeningOn": ["/mutate",
"/validate-conf"]}
$ kubectl create namespace testnamespace
namespace/testnamespace created
$ kubectl create configmap my-config --from-literal=mykey=myval
--namespace=testnamespace
configmap/my-config created
$ kubectl get cm
NAME DATA AGE
yunikorn-configs 1 11m
$ kubectl get cm --namespace=testnamespace
NAME DATA AGE
my-config 1 17s
$ kubectl logs yunikorn-admission-controller-695869b547-qtfpg
...
2021-10-04T11:52:19.379Z INFO webhook/webhook.go:83 the admission
controller started {"port": 9089, "listeningOn": ["/mutate",
"/validate-conf"]}
2021-10-04T12:03:57.806Z INFO webhook/admission_controller.go:304
AdmissionReviewResponse {"allowed": true}
{noformat}
We need something like the following in {{validations.yaml.template}}:
{noformat}
namespaceSelector:
matchLabels:
yunikorn
{noformat}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
