Closed odubajDT closed 10 months ago
Merging #582 (aa62297) into main (70fb5d9) will not change coverage. The diff coverage is
n/a
.
Can we add some kind of test for this? e2e or otherwise?
Another question I have is that wrote response {"webhook": "/mutate-v1-pod", "code": 200, "reason": "OpenFeature is disabled", "UID": "8f021e26-6d9b-47f2-90f2-588236ec388d", "allowed": true}
(meaning the openfeature/enabled
annotation isn't found) is also reported in the issue. Is that related or is that a totally different issue (I think it's different)? Note my comment here.
Can we add some kind of test for this? e2e or otherwise?
Another question I have is that
wrote response {"webhook": "/mutate-v1-pod", "code": 200, "reason": "OpenFeature is disabled", "UID": "8f021e26-6d9b-47f2-90f2-588236ec388d", "allowed": true}
(meaning theopenfeature/enabled
annotation isn't found) is also reported in the issue. Is that related or is that a totally different issue (I think it's different)? Note my comment here.
Hey, the problem comes from the webhook checking if the examinated pod has the proper annotation openfeature.dev/enabled: "true"
. According to Adam's manifests, this should be ok. Also if the OF is not enabled, we wouldn't receive the problems with backfilling permissions -> we won't be able to reach this part of code at all.
Maybe Argo was creating a Pod in a completely different namespace at that time (completely unrelated to this Deployment)? Here it would make sense that the podMutator kicks in, checks if this Pod is annotated, finds out it's not, writes out the message and lets the pod to be bind to a node without any mutation? I think here we need to have more info about what was happening in the system generally...
Fixes: #579