Closed britdm closed 2 months ago
Hi Brittany, you should open an issue in the upstream project as the webhook is for now created by the application here: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/pkg/admission-controller/config.go#L47
I had plan to manage the webhook directly in the Helm chart but it would introduce a breaking change for current users of the chart.
Hello, I have the vertical-pod-autoscaler chart installed on a GKE cluster, and in the UI I am notified that the mutatingwebhookconfiguration
vpa-webhook-config
raises a warning:I was able to patch the mutatingwebhookconfiguration object using a post-upgrade helm chart hook, following these instructions: https://cloud.google.com/kubernetes-engine/docs/how-to/optimize-webhooks?&_ga=2.18119354.-2077099904.1664205505#unsafe-webhooks
Since there isn't really a way to add deny rules to the clusterrole definition, this would need to be patched onto the mutatingwebhookconfiguration object.
Steps
c. use kubectl to patch the changes to the
namespaceSelector
I was not able to get this to work including annotation
"helm.sh/hook-delete-policy": hook-succeeded
.