redhat-cop / podpreset-webhook

Implementation of Kubernetes PodPreset as an Admission Webhook.
Apache License 2.0

Is it working with other Kubernetes distributions ? #15

Closed aliokaitis closed 3 years ago

aliokaitis commented 3 years ago

Is this designed to be used only on OpenShift? Trying to implement on Rundeck. It is applying a random (only one) podpreset and it doesn't react to namespaces (podpreset in one namespace and pod gets affected in another namespace). Also, the logs don't seem to be full (but I haven't seen ones on a fully functional setup):

I0604 08:41:51.790827 1 leaderelection.go:253] successfully acquired lease podpreset-webhook/7256067a.redhat.io
2021-06-04T08:41:51.790Z DEBUG controller-runtime.manager.events Normal {"object": {"kind":"ConfigMap","namespace":"podpreset-webhook","name":"7256067a.redhat.io","uid":"b18c3c09-db28-4492-8051-b6394bc83485","apiVersion":"v1","resourceVersion":"119096141"}, "reason": "LeaderElection", "message": "podpreset-webhook-controller-manager-58d4d4cf59-lmsph_2f3d0e6d-a8d4-46dd-a15e-2172b1cea6e3 became leader"}
2021-06-04T08:42:11.370Z DEBUG controller-runtime.webhook.webhooks received request {"webhook": "/mutate", "UID": "f1b29e6c-eb85-46b8-922e-8d6b392554e2", "kind": "/v1, Kind=Pod", "resource": {"group":"","version":"v1","resource":"pods"}}
2021-06-04T08:42:11.517Z DEBUG controller-runtime.webhook.webhooks wrote response {"webhook": "/mutate", "code": 200, "reason": "", "UID": "f1b29e6c-eb85-46b8-922e-8d6b392554e2", "allowed": true}
2021-06-04T08:45:02.316Z DEBUG controller-runtime.webhook.webhooks received request {"webhook": "/mutate", "UID": "82bfbe7f-58c8-4537-865c-2d9b5b6f4cc0", "kind": "/v1, Kind=Pod", "resource": {"group":"","version":"v1","resource":"pods"}}
2021-06-04T08:45:02.320Z DEBUG controller-runtime.webhook.webhooks wrote response {"webhook": "/mutate", "code": 200, "reason": "", "UID": "82bfbe7f-58c8-4537-865c-2d9b5b6f4cc0", "allowed": true}
2021-06-04T08:48:32.367Z DEBUG controller-runtime.webhook.webhooks received request {"webhook": "/mutate", "UID": "f0c1d1d3-4d66-46fe-bb3a-c1804d636ec9", "kind": "/v1, Kind=Pod", "resource": {"group":"","version":"v1","resource":"pods"}}
2021-06-04T08:48:32.369Z DEBUG controller-runtime.webhook.webhooks wrote response {"webhook": "/mutate", "code": 200, "reason": "", "UID": "f0c1d1d3-4d66-46fe-bb3a-c1804d636ec9", "allowed": true}

aliokaitis commented 3 years ago

Seems like it doesn't work in OC also. It applies only one random podpreset and doesn't respect namespaces:

$ oc get podpresets.redhatcop.redhat.io --all-namespaces
NAMESPACE      NAME        AGE
cert-manager   frontend2   53s
default        frontend    3m57s

$ oc get pod -n default nginx-deployment-78db6b646b-kbnfv -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "openshift-sdn",
          "interface": "eth0",
          "ips": [
              "10.116.0.81"
          ],
          "default": true,
          "dns": {}
      }]
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "openshift-sdn",
          "interface": "eth0",
          "ips": [
              "10.116.0.81"
          ],
          "default": true,
          "dns": {}
      }]
    podpreset.admission.kubernetes.io/podpreset-frontend2: "299934"
  creationTimestamp: "2021-06-08T15:22:49Z"
  generateName: nginx-deployment-78db6b646b-
  labels:
    app: nginx
    pod-template-hash: 78db6b646b
    role: frontend
    rule: frontend2
  managedFields:

$ oc get podpresets.redhatcop.redhat.io --all-namespaces -o yaml
apiVersion: v1
items:

krbcmt commented 3 years ago

I'm using k3d/k3s and I'm seeing this same behavior: PodPreset getting applied across namespaces.

sabre1041 commented 3 years ago

@aliokaitis @krbcmt Thanks for the feedback. I'll be looking into these issues this upcoming weekend and will report back on my findings.

sabre1041 commented 3 years ago

@aliokaitis @krbcmt I discovered an issue with where applicable podpresets are sourced from, and it is addressed here

Would you be able to pull down the latest tag and retest to see if it resolved the issues that you were facing?

sabre1041 commented 3 years ago

Closing due to lack of additional information
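
A check for the symptom reported in this thread, as an added example that is not code from the podpreset-webhook project: it flags pods that carry a `podpreset.admission.kubernetes.io/podpreset-<name>` annotation for a preset that is not defined in the pod's own namespace. It assumes the inputs are the parsed JSON of `oc get pods --all-namespaces -o json` and `oc get podpresets.redhatcop.redhat.io --all-namespaces -o json`; the function name and the sample data (built from the names shown in the comments above, plus one hypothetical pod) are constructed for illustration.

```python
# Annotation prefix as it appears on the affected pod in this thread.
PREFIX = "podpreset.admission.kubernetes.io/podpreset-"

def cross_namespace_presets(pod_list, preset_list):
    """Return pods annotated with a PodPreset that is not defined in the pod's namespace."""
    # Map preset name -> set of namespaces that actually define it.
    defined = {}
    for item in preset_list.get("items", []):
        meta = item["metadata"]
        defined.setdefault(meta["name"], set()).add(meta["namespace"])

    findings = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        for key in meta.get("annotations") or {}:
            if not key.startswith(PREFIX):
                continue
            preset = key[len(PREFIX):]
            namespaces = defined.get(preset, set())
            if meta["namespace"] not in namespaces:
                findings.append({
                    "pod": f'{meta["namespace"]}/{meta["name"]}',
                    "preset": preset,
                    # Empty list: the preset no longer exists anywhere (deleted or renamed).
                    "defined_in": sorted(namespaces),
                })
    return findings

# Constructed sample input, shaped like the `-o json` list output.
SAMPLE_PRESETS = {"items": [
    {"metadata": {"namespace": "cert-manager", "name": "frontend2"}},
    {"metadata": {"namespace": "default", "name": "frontend"}},
]}
SAMPLE_PODS = {"items": [
    # Pod from the thread: lives in "default" but was mutated by "frontend2".
    {"metadata": {"namespace": "default", "name": "nginx-deployment-78db6b646b-kbnfv",
                  "annotations": {PREFIX + "frontend2": "299934"}}},
    # Hypothetical pod in the preset's own namespace: expected, not flagged.
    {"metadata": {"namespace": "cert-manager", "name": "web-0",
                  "annotations": {PREFIX + "frontend2": "299934"}}},
    {"metadata": {"namespace": "default", "name": "no-annotations"}},
]}

if __name__ == "__main__":
    for finding in cross_namespace_presets(SAMPLE_PODS, SAMPLE_PRESETS):
        print(finding)
```

Running it before and after upgrading to the tag mentioned above shows whether newly created pods still pick up presets from other namespaces; pods admitted before the upgrade keep their old annotations until they are recreated.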