webhook - Address is not allowed about mariadb-operator HOT 12 CLOSED

That would make sense. I'll try this again and report back. Sorry the delay. The link you provided is for pod security policies. It's now depricated in favor of pod security standards in 1.25+ https://docs.rke2.io/security/pod_security_standards. Tough I'm not sure that it has something to do with that - it's probably more network-policies related. I'll try a few settings and get back to you.

from mariadb-operator.

Hey @ox1depl ! Is the mariadb-webhook Pods ready by the time you apply the manifests in the CI? I've seen the webhook server taking a bit longer to respond, even after the Pods are reported to be ready.

from mariadb-operator.

In fact, you can't see it on the cluster, but right after the operator deployment, the manifest is deployed and probably the webhook pod is not ready yet,
I added a simple sleep to check it and it is indeed as you say.
thank you ;) And forgive me for being off topic, the error was very similar.

from mariadb-operator.

Thanks for reporting @tirelibirefe !

it seems like it's a webhook misconfiguration, could you provide the following:

• Kubernetes version:
• mariadb-operator version:
• Install method: helm, OLM or static manifests
• Install flavour: minimal, recommended or custom

Thanks, will look into it when I have the details.

from mariadb-operator.

I'm having a similar issue... Basically, what I think happens here is that the webhook url doesn't contain the cluster domain (example: "cluster.local") - so the address isn't resolved. Checking if I can work around it.

from mariadb-operator.

Okay - so installing the controller in kube-system seems like it fixes it. I guess it has something to do with network policies on rke2 when project isolation is enabled in Rancher... Just a guess..

from mariadb-operator.

Thanks for your feedback @RegisHubelia !

I'm not familiar with RKE2, but it seems like they do configure NetworkPolicies by default:

• https://docs.rke2.io/security/pod_security_policies

Could you confirm that you have NetworkPolicies in the namespace where you initially have issues? It would be ideal if you could share them here.

If that was the case, we could do like cert-manager and create a NetworkPolicy inside of the helm chart to allow traffic to the webhook, something like this:

• https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/templates/networkpolicy-webhooks.yaml

from mariadb-operator.

it's probably more network-policies related

I'm betting the same, drop a comment here when you find the time to debug 👍🏻

from mariadb-operator.

Hi. i have similar issue, when try deploy with gitlab-ci but i`ve got context deadline exceeded at the end, its related ?

k8s version: 1.26.6
k8s provisioner: kOps
Operator version: v0.18.0

Error from server (InternalError): error when creating "extras/mariadb.yaml": Internal error occurred: failed calling webhook "mmariadb.kb.io": failed to call webhook: Post "[https://mariadb-operator-webhook.platform.svc:443/mutate-mariadb-mmontes-io-v1alpha1-mariadb?timeout=10s](https://mariadb-operator-webhook.platform.svc/mutate-mariadb-mmontes-io-v1alpha1-mariadb?timeout=10s)": context deadline exceeded

But, when I manualy apply the same manifest with kubectl apply -f file it works... strange.

from mariadb-operator.

@ox1depl no worries, here to help

@RegisHubelia @tirelibirefe is this still an issue for you? if not, we can close

from mariadb-operator.

This issue is stale because it has been open 30 days with no activity.

from mariadb-operator.

This issue was closed because it has been stalled for 5 days with no activity.

from mariadb-operator.