Reputation: 571
Kubernetes Admission webhook for Statefulset
I created an admission webhook in Kubernetes including resources for deployments and StatefulSet.
The mutation webhook works on Deployments but not in StatefulSets.
I tried searching in documentations, but the example is only on deployments and ReplicaSets.
Are admission controllers supported in StatefulSets in Kubernetes? I am using the 1.16 version.
In the documentation:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
...
webhooks:
- name: my-webhook.example.com
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["apps"]
apiVersions: ["v1", "v1beta1"]
resources: ["deployments", "replicasets"]
scope: "Namespaced"
Please advise.
Upvotes: 2
Views: 458
Answers (1)
Reputation: 61661
It should be, for example, the PingCap TiDB operator has an option to enable/disable the admission controller for the StatefulSet it manages.
I'm not really sure what behavior you are seeing? It's not allowing you to create a StatefulSet? If yes, you can start you with '*' values and work your way down. For example, allow all namespaces:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
...
webhooks:
- name: my-webhook.example.com
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["apps"]
apiVersions: ["v1", "v1beta1"]
resources: ["deployments", "replicasets", "statefulsets"]
scope: "*"
Upvotes: 2
Related Questions
- validating webhook configuration not getting any request
- mutating admission webhook static namespaceselector
- Deploying multiple validating webhooks in the same kubernates cluster
- Is a mutating admission webhook able the change the resource's group, version or kind
- Validating Webhook for configmap
- Kubernetes liveness probe: webhook notification on failure
- API endpoints for kubernetes mutating webhook server
- Start Kubernetes job with http request
- kubeadm with admission webhooks
- Enable webhook authentication kubelet api