Closed kravciak closed 1 year ago
@kravciak thanks for submitting this issue.
Some questions:
default
pod is deleted, I create a policy? Is the Pod recreated? Does your cluster have some policy CR defined?
Just defaults that come with installation, I did not create any policies. Existing clusteradmissionpolicies went from active into pending state when I deleted policyserver pod.
ε k get customresourcedefinitions | grep kubewarden
policyservers.policies.kubewarden.io 2022-10-24T13:35:34Z
admissionpolicies.policies.kubewarden.io 2022-10-24T13:35:34Z
clusteradmissionpolicies.policies.kubewarden.io 2022-10-24T13:35:34Z
ε k get clusteradmissionpolicies.policies.kubewarden.io
NAME POLICY SERVER MUTATING MODE OBSERVED MODE STATUS
no-host-namespace-sharing default false monitor monitor pending
no-privilege-escalation default true monitor monitor pending
no-privileged-pod default false monitor monitor pending
do-not-run-as-root default true monitor monitor pending
do-not-share-host-paths default false monitor monitor pending
drop-capabilities default true monitor monitor pending
ε k get admissionpolicies.policies.kubewarden.io -A
No resources found
What is the status of the Deployment that controls the default policy
ε k get deploy -n kubewarden policy-server-default -o yaml
...
message: 'Internal error occurred: failed calling webhook "clusterwide-do-not-run-as-root.kubewarden.admission":
failed to call webhook: Post "https://policy-server-default.kubewarden.svc:8443/validate/clusterwide-do-not-run-as-root?timeout=10s":
no endpoints available for service "policy-server-default"'
reason: FailedCreate
status: "True"
type: ReplicaFailure
I create a policy? Is the Pod recreated?
When I create policy it stays in pending state. Pod is not created.
If your cluster has no policies defined..
Pod is recreated as expected.
This seems to be a bug in the controller. I reproduced the issue.
Is there an existing issue for this?
Current Behavior
Default policy server pod is not recreated (deleted it manually) when there are clusteradmissionpolicies running.
Expected Behavior
Pod is recreated when I delete it manually. It should not depend on existing clusteradmissionpolicies.
Steps To Reproduce
Create kubewarden cluster with recommendedPolicies.enabled=True and delete policy-server pod.
Environment
No response
Anything else?
No response
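The ReplicaFailure condition quoted in the thread shows pod creation for policy-server-default being rejected by a webhook that is served from that same Deployment's Service. The following Python check for that condition is an added example, not part of the original issue or of Kubewarden's code; the function name, the sample data layout and the assumption that the Service shares the Deployment's name are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the ReplicaFailure condition quoted in the thread, as it
# would appear under .status.conditions of the policy-server-default Deployment.
SAMPLE_CONDITIONS = [{
    "type": "ReplicaFailure",
    "status": "True",
    "reason": "FailedCreate",
    "message": (
        'Internal error occurred: failed calling webhook '
        '"clusterwide-do-not-run-as-root.kubewarden.admission": '
        'failed to call webhook: Post "https://policy-server-default.kubewarden'
        '.svc:8443/validate/clusterwide-do-not-run-as-root?timeout=10s": '
        'no endpoints available for service "policy-server-default"'
    ),
}]

WEBHOOK_RE = re.compile(r'failed calling webhook "([^"]+)"')
URL_RE = re.compile(r'Post "(https://[^"]+)"')


def find_self_blocking_webhooks(deploy_name, namespace, conditions):
    """Return webhooks that reject pod creation for a Deployment while being
    served by that Deployment's own Service (hypothetical helper).

    Assumption: the Service has the same name as the Deployment, as with
    policy-server-default in the thread.
    """
    hits = []
    for cond in conditions:
        if cond.get("type") != "ReplicaFailure" or cond.get("status") != "True":
            continue
        msg = cond.get("message", "")
        hook, url = WEBHOOK_RE.search(msg), URL_RE.search(msg)
        if not (hook and url):
            continue
        target = urlsplit(url.group(1))
        # In-cluster webhook hosts have the form <service>.<namespace>.svc
        labels = (target.hostname or "").split(".")
        if labels[:3] == [deploy_name, namespace, "svc"]:
            hits.append({"webhook": hook.group(1), "path": target.path})
    return hits


if __name__ == "__main__":
    for hit in find_self_blocking_webhooks(
            "policy-server-default", "kubewarden", SAMPLE_CONDITIONS):
        print("blocked by own webhook:", hit["webhook"], hit["path"])
```

On a live cluster the conditions list would come from the parsed output of the `k get deploy -n kubewarden policy-server-default -o yaml` command shown in the thread.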