Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to delete old Rancher webhooks #185

Closed
3 tasks
richardcase opened this issue Oct 4, 2023 · 3 comments · Fixed by #192
Closed
3 tasks

Add option to delete old Rancher webhooks #185

richardcase opened this issue Oct 4, 2023 · 3 comments · Fixed by #192
Assignees
Labels
kind/feature priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.

Comments

@richardcase
Copy link
Contributor

What would you like to be added (User Story)?

As a operator
When i have an existing Rancher Manager Cluster
And i install Rancher Turtles
And disable the "embedded CAPI" feature in Rancher
I expect that i can apply CAPI cluster definitions to the cluster

Detailed Description

Currently doing the above results in validating/mutating webhooks being left behind after the feature is disabled. If you try and apply a CAPI manifest you will get an error:

time="2023-10-03T14:18:36Z" level=error msg="error syncing 'cluster-fleet-local-local-1a3d67d0a899/clusters-clusters': handler bundle-deploy: failed to create  │
│ resource: Internal error occurred: failed calling webhook \"default.cluster.cluster.x-k8s.io\": failed to call webhook: Post \"https://capi-webhook-service.cat/ │
│ tle-provisioning-capi-system.svc:443/mutate-cluster-x-k8s-io-v1beta1-cluster?timeout=10s\": service \"capi-webhook-service\" not found, requeuing"

Disabling the feature doesn't remove the webhooks. To fix this manually you can run the following commands after disabling the feature:

kubectl delete mutatingwebhookconfigurations.admissionregistration.k8s.io mutating-webhook-configuration
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io validating-webhook-configuration

We need to:

  • Update our docs so people can run those commands
  • Look at incorporating feature flag enabled functionality to automatically delete the webhooks (i.e. engineer a fix). Like we are doing in feat: add v2prov kubeconfig label patching #178 for labels on the kubeconfig secrets
  • Create a fix upstream in Rancher

Anything else you would like to add?

No response

Label(s) to be applied

/kind feature

@richardcase richardcase added kind/feature priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. labels Oct 4, 2023
@salasberryfin salasberryfin self-assigned this Oct 4, 2023
@salasberryfin salasberryfin moved this from CAPI Backlog to In Progress in CAPI & Hosted Kubernetes providers (EKS/AKS/GKE) Oct 4, 2023
@richardcase
Copy link
Contributor Author

Another option is that we create a small utility as there may be other "fixes" we need to apply to Rancher.

@Danil-Grigorev
Copy link
Contributor

As a pure cleanup option for rancher related leftovers, a pre-install hook with job cleaning these webhook configurations could be enough.

@salasberryfin
Copy link
Contributor

Created a PR with a pre-install hook (thanks @Danil-Grigorev and @richardcase) proposal that disables the embedded feature and deletes webhooks. With this change helm install should manage all requirements in an existing Rancher installation. #192

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/feature priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now.
Development

Successfully merging a pull request may close this issue.

4 participants