Skip to content

Commit

Permalink
Remove old Istio mutating webhook patches (kyma-project#11502)
Browse files Browse the repository at this point in the history
  • Loading branch information
cnvergence authored Jun 24, 2021
1 parent e386863 commit 120e9e0
Show file tree
Hide file tree
Showing 7 changed files with 4 additions and 24 deletions.
6 changes: 2 additions & 4 deletions resources/istio/files/istio-install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ istioctl install -f "${OPERATOR_FILE}" -y
echo "Apply custom kyma manifests"
kubectl apply -f /opt/istio/manifests

#This is still needed as mutating webhook disrupts Gardener cluster operations, like being able to hibernate the cluster. See https://github.com/kyma-project/kyma/issues/8868#issuecomment-658764987
echo "Apply Kyma related checks and patches"
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/0/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]'

echo "patching namespace selector of mutating webhook istio-sidecar-injector with kube-system"
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/0/namespaceSelector/matchExpressions/0/values/-","value": "kube-system"}]'
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/4/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]'
5 changes: 0 additions & 5 deletions resources/istio/files/istio-operator-cluster-evaluation.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -213,10 +213,6 @@ spec:
type: LoadBalancer
zvpn: {}
global:
arch:
amd64: 2
ppc64le: 2
s390x: 2
configValidation: true
defaultNodeSelector: {}
defaultPodDisruptionBudget:
Expand Down Expand Up @@ -301,7 +297,6 @@ spec:
replicaCount: 1
traceSampling: 1
sidecarInjectorWebhook:
useLegacySelectors: true
enableNamespacesByDefault: true
objectSelector:
autoInject: true
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -299,7 +299,6 @@ spec:
replicaCount: 1
traceSampling: 1
sidecarInjectorWebhook:
useLegacySelectors: true
enableNamespacesByDefault: true
objectSelector:
autoInject: true
Expand Down
1 change: 0 additions & 1 deletion resources/istio/files/istio-operator-cluster.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,6 @@ spec:
replicaCount: 1
traceSampling: 1
sidecarInjectorWebhook:
useLegacySelectors: true
enableNamespacesByDefault: true
objectSelector:
autoInject: true
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -308,7 +308,6 @@ spec:
replicaCount: 1
traceSampling: 1
sidecarInjectorWebhook:
useLegacySelectors: true
enableNamespacesByDefault: true
objectSelector:
autoInject: true
Expand Down
1 change: 0 additions & 1 deletion resources/istio/files/istio-operator-minikube.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -306,7 +306,6 @@ spec:
replicaCount: 1
traceSampling: 1
sidecarInjectorWebhook:
useLegacySelectors: true
enableNamespacesByDefault: true
objectSelector:
autoInject: true
Expand Down
13 changes: 2 additions & 11 deletions resources/istio/files/istio-upgrade.sh
Original file line number Diff line number Diff line change
Expand Up @@ -29,15 +29,6 @@ istioctl upgrade -f "${OPERATOR_FILE}" -y
echo "Apply custom kyma manifests"
kubectl apply -f /opt/istio/manifests

#This is still needed as mutating webhook disrupts Gardener cluster operations, like being able to hibernate the cluster. See https://github.com/kyma-project/kyma/issues/8868#issuecomment-658764987
echo "Apply Kyma related checks and patches"
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/0/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]'

kubeSystemSelector="$(kubectl get mutatingwebhookconfigurations.admissionregistration.k8s.io istio-sidecar-injector -o jsonpath='{.webhooks[0].namespaceSelector.matchExpressions[0]}' | { grep "kube-system" || test $? == 1; })"

if [ -z "$kubeSystemSelector" ]
then
echo "patching namespace selector of mutating webhook istio-sidecar-injector with kube-system"
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/0/namespaceSelector/matchExpressions/0/values/-","value": "kube-system"}]'
else
echo "namespace selector for kube-system in of mutating webhook istio-sidecar-injector already exists, skipping operation"
fi
kubectl patch MutatingWebhookConfiguration istio-sidecar-injector --type 'json' -p '[{"op":"add","path":"/webhooks/4/namespaceSelector/matchExpressions/-","value":{"key":"gardener.cloud/purpose","operator":"NotIn","values":["kube-system"]}}]'

0 comments on commit 120e9e0

Please sign in to comment.