Merge pull request #1 from achrefbensaad/updateFailbehavior

honor controller failback logic
rksharma95 · Jun 20, 2022 · c9b60c8 · c9b60c8
2 parents 7277a6d + 7ae03c5
commit c9b60c8
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/deployments/annotations/kubearmor-annotation-manager.yaml b/deployments/annotations/kubearmor-annotation-manager.yaml
@@ -292,7 +292,7 @@ webhooks:
       name: kubearmor-annotation-webhook-service
       namespace: kube-system
       path: /mutate-pods
-  failurePolicy: Fail
+  failurePolicy: Ignore
   name: annotation.kubearmor.com
   rules:
   - apiGroups:

diff --git a/pkg/KubeArmorAnnotation/config/webhook/manifests.yaml b/pkg/KubeArmorAnnotation/config/webhook/manifests.yaml
@@ -13,7 +13,7 @@ webhooks:
       name: webhook-service
       namespace: system
       path: /mutate-pods
-  failurePolicy: Fail
+  failurePolicy: Ignore
   name: annotation.kubearmor.com
   rules:
   - apiGroups:

diff --git a/pkg/KubeArmorAnnotation/handlers/pod_mutation.go b/pkg/KubeArmorAnnotation/handlers/pod_mutation.go
@@ -25,7 +25,7 @@ type PodAnnotator struct {
 const k8sVisibility = "process,file,network,capabilities"
 const appArmorAnnotation = "container.apparmor.security.beta.kubernetes.io/"
 
-// +kubebuilder:webhook:path=/mutate-pods,mutating=true,failurePolicy=Fail,groups="",resources=pods,verbs=create;update,versions=v1,name=annotation.kubearmor.com,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
+// +kubebuilder:webhook:path=/mutate-pods,mutating=true,failurePolicy=Ignore,groups="",resources=pods,verbs=create;update,versions=v1,name=annotation.kubearmor.com,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
 
 func (a *PodAnnotator) Handle(ctx context.Context, req admission.Request) admission.Response {
 	pod := &corev1.Pod{}