
Pod with workload identity not functioning when webhook has no replicas

Open karataliu opened this issue 2 years ago • 0 comments

Describe the bug: If there is a node state change, it is possible that the webhook's active replicas become 0. A pod created during this period will skip the webhook and will not function with workload identity.

Steps To Reproduce:

  1. Scale down webhook replica to 0
  2. Create a new pod with workload identity func.

Expected behavior: Newly created pod works with workload identity

Additional context: The cause is:

  1. mutating webhook policy is set to ignore
  2. No PodDisruptionBudget specified
  3. replicas is set to 2

Solutions to discuss: From the pod identity side, can we enforce policy/add pdb/increase replica? From the user pod side, can we add a condition that if the workload identity env is not detected, the pod should terminate and restart?

karataliu, Aug 26 '22 04:08
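
A check for the failure this issue describes, as an added example that is not part of the original issue or the project's code: it scans pod specs for opted-in pods that were admitted without the webhook's mutation. The label `azure.workload.identity/use`, the `AZURE_FEDERATED_TOKEN_FILE` variable and the `azure-identity-token` volume name are assumptions (the issue does not name them), and the pod list is constructed.

```python
import json

# Assumptions (not stated in the issue): the opt-in pod label, and the env var
# and projected volume names that the webhook injects into mutated pods.
OPT_IN_LABEL = "azure.workload.identity/use"
TOKEN_ENV = "AZURE_FEDERATED_TOKEN_FILE"
TOKEN_VOLUME = "azure-identity-token"


def unmutated_pods(pod_list):
    """Map namespace/name -> problems for opted-in pods the webhook skipped."""
    findings = {}
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        if (meta.get("labels") or {}).get(OPT_IN_LABEL) != "true":
            continue  # pod never asked for workload identity
        problems = []
        if TOKEN_VOLUME not in {v.get("name") for v in spec.get("volumes") or []}:
            problems.append(f"missing volume {TOKEN_VOLUME}")
        for c in spec.get("containers") or []:
            if TOKEN_ENV not in {e.get("name") for e in c.get("env") or []}:
                problems.append(f"container {c.get('name')} missing env {TOKEN_ENV}")
        if problems:
            findings[f"{meta.get('namespace', 'default')}/{meta.get('name')}"] = problems
    return findings


# Constructed sample shaped like `kubectl get pods -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "api-ok", "namespace": "prod",
                "labels": {"azure.workload.identity/use": "true"}},
   "spec": {"volumes": [{"name": "azure-identity-token"}],
            "containers": [{"name": "app", "env": [
                {"name": "AZURE_FEDERATED_TOKEN_FILE", "value": "/constructed/path"}]}]}},
  {"metadata": {"name": "api-skipped", "namespace": "prod",
                "labels": {"azure.workload.identity/use": "true"}},
   "spec": {"containers": [{"name": "app"}, {"name": "sidecar", "env": []}]}},
  {"metadata": {"name": "plain", "namespace": "dev"},
   "spec": {"containers": [{"name": "app"}]}}
]}
""")

if __name__ == "__main__":
    for pod, problems in unmutated_pods(SAMPLE).items():
        print(pod, "->", "; ".join(problems))
```

Pods it reports were created while the webhook was unavailable and have to be recreated once the webhook is serving again, since mutation only happens at admission.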