amazon-eks-pod-identity-webhook
We should stop replacing the whole containers in the mutating webhook
What happened: We fixed https://github.com/aws/amazon-eks-pod-identity-webhook/issues/84 by upgrading client-go; however, it's not ideal.
What you expected to happen:
We shouldn't replace the whole containers in our mutating requests as in https://github.com/aws/amazon-eks-pod-identity-webhook/blob/master/pkg/handler/handler.go#L349. Doing that will make us encounter similar issues again once we forget to upgrade client-go or are unable to.
We should generate the patch similar to https://github.com/kubernetes-sigs/aws-load-balancer-controller/blob/main/pkg/webhook/mutating_handler.go#L86, which will generate patches like `{add /spec/containers/0/env/1 map[name:env-key value:env-val]}`.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
- AWS Region:
- EKS Platform version (if using EKS, run `aws eks describe-cluster --name <name> --query cluster.platformVersion`):
- Kubernetes version (if using EKS, run `aws eks describe-cluster --name <name> --query cluster.version`):
- Webhook Version:
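The contrast this issue describes, as an added example that is not the webhook's or the load balancer controller's own code: a whole-array patch re-serialized from outdated types loses any field those types do not know, while per-path `add` operations leave it untouched. The type names, `buildPatches`, the `replace` op and the `newField` key are hypothetical, and the sample input is constructed; that unknown fields are what gets lost is an assumption about the failure mode.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Stand-ins for outdated vendored API types: no field for "newField" (hypothetical name).
type envVar struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}
type oldContainer struct {
	Name string   `json:"name"`
	Env  []envVar `json:"env,omitempty"`
}
type patchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// Constructed sample: container 0 has a field the old types lack; container 1 has no env.
const rawContainers = `[{"name":"app","newField":"keep-me","env":[{"name":"A","value":"1"}]},{"name":"sidecar"}]`

// buildPatches returns the whole-array replace and the per-field adds.
func buildPatches(raw string, add envVar) (whole, granular []patchOp, err error) {
	var cs []oldContainer
	if err = json.Unmarshal([]byte(raw), &cs); err != nil {
		return nil, nil, err
	}
	for i := range cs {
		// Granular: touch only the env path; create the list if absent.
		if n := len(cs[i].Env); n == 0 {
			granular = append(granular, patchOp{"add", fmt.Sprintf("/spec/containers/%d/env", i), []envVar{add}})
		} else {
			granular = append(granular, patchOp{"add", fmt.Sprintf("/spec/containers/%d/env/%d", i, n), add})
		}
		cs[i].Env = append(cs[i].Env, add)
	}
	// Whole replace: value is re-serialized from old types, so newField is gone.
	whole = []patchOp{{"replace", "/spec/containers", cs}}
	return whole, granular, nil
}

func main() {
	whole, granular, err := buildPatches(rawContainers, envVar{"env-key", "env-val"})
	fmt.Println(whole, granular, err)
}
```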