instana / instana-autotrace-webhook

Apache License 2.0

Enabling autotrace webhook on all namespaces in OpenShift can break deployments #1

Open hsternkicker opened 3 years ago

hsternkicker commented 3 years ago

I tried to use the autotrace webhook within my OpenShift environment and ran into the following problem.

Setup: OCP version 4.5 on IBM Cloud (managed OpenShift on IBM Cloud). I installed the autotrace webhook with all default settings, i.e. no namespaces excluded except the built-in ones. I created a new namespace to deploy a simple Prometheus server. The autotrace webhook was enabled for that namespace too. I used the following command: `oc new-app --as-deployment-config --name prometheus --docker-image quay.io/prometheus/prometheus` and ran into a problem where the instrumentation with the init container breaks the deploy pod of the above command. I ran the helm upgrade command to exclude the namespace for the Prometheus pod and did the exact same command again, and the deployment worked like a charm.

Conclusion: The autotrace webhook can have a bad impact on some deployments, so it would be better to NOT let the webhook do the instrumentation with the init container to everything by default, but to manage it with an exclusive opt-in, so that it is only applied to namespaces and resources when they are explicitly given to the webhook.
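
The opt-in scoping requested above, sketched as a generic Kubernetes `MutatingWebhookConfiguration`. This is an added example, not part of the original issue and not the project's own manifest or Helm chart. The webhook name, service name, path and the `example.com/autotrace` label are all hypothetical.

```yaml
# Added example: every name and label below is hypothetical.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: example-autotrace-opt-in
webhooks:
  - name: autotrace.example.com
    admissionReviewVersions: ["v1"]
    sideEffects: None
    # An unreachable webhook must not block pod creation cluster-wide.
    failurePolicy: Ignore
    clientConfig:
      service:
        name: example-autotrace
        namespace: example-autotrace
        path: /mutate
      # caBundle omitted here; supply the CA that signed the webhook's
      # serving certificate in a real deployment.
    rules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE"]
        resources: ["pods"]
    # Opt-in by namespace: only namespaces explicitly labelled
    # example.com/autotrace=enabled are sent to the webhook.
    namespaceSelector:
      matchLabels:
        example.com/autotrace: enabled
    # Opt-in by resource: within those namespaces, only pods carrying
    # the same label are mutated; pods without it never reach the webhook.
    objectSelector:
      matchLabels:
        example.com/autotrace: enabled
    # For contrast, an opt-out selector matches every namespace that is
    # not explicitly excluded, including ones created later:
    #
    # namespaceSelector:
    #   matchExpressions:
    #     - key: example.com/autotrace
    #       operator: NotIn
    #       values: ["disabled"]
```

With both selectors set, a pod is mutated only when its namespace and the pod itself carry the label, so a newly created namespace is untouched until someone labels it.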