Open thomasmckay opened 2 years ago
For the above use-case it's worth noting that the ability to test values allows the creation of oscillating mutations:
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
From https://bugzilla.redhat.com/show_bug.cgi?id=2010219 (see for kyverno example using
preconditions
)Currently, it is not possible to truncate "unreasonably" large/short values in a mutation policy. In this way, the mutating webhook only truncates values on requests that exceed a cluster administrator selected maximum.
Let's take as an example a mutation policy that controls the termination GracePeriodSeconds (tGPS) of pods (see below).
If the user tries to create a pod with a tGPS larger than 60s, then the mutating webhook should truncate the request assigning a tGPS of 60s to the deployed pod.
If by the opposite, the request is lower than 60s, then we just keep the Kubernetes default (which is 30s).
In the current implementation, this is not possible, the user can only apply a value (let's say 60s) to any request regardless of the value requested by the user.