
How to specify admission controller correctly?



I've got Origin 3.9 running and am trying to set up an admission controller webhook.  I added the appropriate configurations to master-config.yaml.  I added the following:

kind: ValidatingWebhookConfiguration
apiVersion: admissionregistration.k8s.io/v1beta1
metadata:
  name: opa-validating-webhook
webhooks:
  - name: validating-webhook.openpolicyagent.org
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["*"]
        apiVersions: ["*"]
        resources: ["pods"]
    clientConfig:
      #url: https://unison-opa.unison.svc/kubernetes/admission/reveiw
      service:
        namespace: unison
        name: unison-opa


Here's the unison-opa service:
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: 2018-07-18T01:35:21Z
  labels:
    app: unison
  name: unison-opa
  namespace: unison
  resourceVersion: "13118928"
  selfLink: /api/v1/namespaces/unison/services/unison-opa
  uid: d596be9f-8a2a-11e8-9ee7-525400887c40
spec:
  clusterIP: 172.30.254.250
  ports:
  - name: 443-tcp
    port: 443
    protocol: TCP
    targetPort: 8444
  selector:
    deploymentconfig: unison
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

Here's what I see in the master logs:
Jul 24 14:21:26 os atomic-openshift-master-api: W0724 14:21:26.389179    1723 admission.go:252] Failed calling webhook, failing open validating-webhook.openpolicyagent.org: failed calling admission webhook "validating-webhook.openpolicyagent.org": Post https://unison-opa.unison.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Jul 24 14:21:26 os atomic-openshift-master-api: E0724 14:21:26.389241    1723 admission.go:253] failed calling admission webhook "validating-webhook.openpolicyagent.org": Post https://unison-opa.unison.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I've also tried running through the router and going directly to 8444.  Nothing seems to work.  The service is set up correctly; I can connect from inside of containers.

Thanks
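
Not part of the original message: an added Python example that scans master API log lines in the format quoted above and counts, per webhook, the calls the API server reported as "failing open" (the webhook error was ignored and the request continued without the webhook's verdict). The name `scan` and the counter layout are assumptions of this example; the first two sample lines are the ones from the post, the third is constructed.

```python
import re
from collections import defaultdict

# klog-style record emitted from admission.go, as seen in the post's master log.
KLOG = re.compile(r'(?P<sev>[IWEF])\d{4} \d{2}:\d{2}:\d{2}\.\d+\s+\d+ '
                  r'admission\.go:\d+\] (?P<msg>.*)$')
FAIL_OPEN = re.compile(r'Failed calling webhook, failing open (?P<hook>[^:\s]+):')
CALL_ERR = re.compile(r'failed calling admission webhook "[^"]+": '
                      r'[A-Z][a-z]+ (?P<url>https://\S+?): (?P<err>.*)$')

SAMPLE = [
    # Lines 1-2 are copied from the post; line 3 is constructed noise.
    'Jul 24 14:21:26 os atomic-openshift-master-api: W0724 14:21:26.389179    1723 admission.go:252] Failed calling webhook, failing open validating-webhook.openpolicyagent.org: failed calling admission webhook "validating-webhook.openpolicyagent.org": Post https://unison-opa.unison.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)',
    'Jul 24 14:21:26 os atomic-openshift-master-api: E0724 14:21:26.389241    1723 admission.go:253] failed calling admission webhook "validating-webhook.openpolicyagent.org": Post https://unison-opa.unison.svc:443/?timeout=30s: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)',
    'Jul 24 14:21:27 os atomic-openshift-master-api: I0724 14:21:27.000001    1723 wrap.go:42] GET /healthz: (1.2ms) 200',
]

def scan(lines):
    """Return per-webhook counters for admission calls that failed open."""
    stats = defaultdict(lambda: {"fail_open": 0, "timeouts": 0, "urls": set()})
    for line in lines:
        rec = KLOG.search(line)
        if not rec:
            continue  # not an admission.go record
        opened = FAIL_OPEN.search(rec.group("msg"))
        if not opened:
            continue  # the E-level twin repeats the same call; count it once
        entry = stats[opened.group("hook")]
        entry["fail_open"] += 1
        call = CALL_ERR.search(rec.group("msg"))
        if call:
            entry["urls"].add(call.group("url"))  # URL the API server dialed
            if "Client.Timeout exceeded" in call.group("err"):
                entry["timeouts"] += 1
    return dict(stats)

if __name__ == "__main__":
    for hook, entry in scan(SAMPLE).items():
        print(hook, entry["fail_open"], entry["timeouts"], sorted(entry["urls"]))
```
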
