From f60d2b5079b6199caf318208e1ba5e09d8ae982e Mon Sep 17 00:00:00 2001 From: Jan Wozniak Date: Fri, 11 Oct 2024 02:36:59 -0400 Subject: [PATCH] webhook: cache miss fallback to direct client for ScaledObject (#1478) Signed-off-by: Jan Wozniak --- content/docs/2.16/operate/admission-webhooks.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/docs/2.16/operate/admission-webhooks.md b/content/docs/2.16/operate/admission-webhooks.md index 7974df0ed..74545b8c7 100644 --- a/content/docs/2.16/operate/admission-webhooks.md +++ b/content/docs/2.16/operate/admission-webhooks.md @@ -10,6 +10,15 @@ By default, the admission webhooks are registered with `failurePolicy: Ignore`, In particular, the admission webhooks for HPA ownership validation can be skipped by setting the annotation `validations.keda.sh/hpa-ownership` to `"false"`. Be cautious when doing so as it exposes the system to potential risks. +### Cache Miss with Fallback to Direct Client for ScaledObject + +When validation enforcement is enabled, it's possible to run into a race condition when `ScaledObject` is part of the same deployment artifact as the `scaleTargetRef` (see also issue: [#5973](https://github.com/kedacore/keda/issues/5973)). For this purpose it's possible to configure additional argument for the webhook `Deployment`: +``` +--cache-miss-to-direct-client=true +``` +This will ensure that if getting the `scaleTargetRef` from the cached client returns `IsNotFound` error, the webhook will attempt to get the object directly from Kubernetes API. + + ## Custom Validations using Kubernetes ValidatingAdmissionPolicy > ⚠️ FEATURE STATE: Kubernetes v1.30 [stable]