Tom Lebreux

43 comments by Tom Lebreux

> I tried again the upgrade to 2.11, and I do not see this 'sleeping' message using "kubectl logs -n cattle-system -l app=rancher-webhook" (no tail limit). Note that `-l app=rancher-webhook`...

We were unable to do this for the schema definition fix (https://github.com/rancher/rancher/issues/45157) because the kube-openapi library doesn't parse the references properly. So the definition schema ends up not having anything...

Just so I don't forget, we should look at the coverage from [schema definition fix](https://github.com/rancher/steve/pull/215) and see what can be added. For example, a test that returns an error if...

@vatsalparekh actually I'm just realizing, how does this change prevent SAN bloat? Isn't the SAN bloat coming from the IP addresses that are added to the [default SANs added here](https://github.com/rancher/rancher/blob/ffdcd644220e59f0bb2744adfa4ff7fae291fbe6/pkg/tls/tls.go#L241-L244)?...

> I think a better approach may be removing the no longer used IP addresses from SAN, instead of preventing IPs from being used altogether. Are we aware of those...

> So yes, if you are pointing a webhook or aggregated API endpoint at an in-cluster service, it is expected that you will see connections directly to the service's backing...

> I suspect that it probably hardcodes the SNI hostname and HTTP host header to reflect the service endpoint hostname, despite bypassing the kube-proxy service endpoint in favor of connecting...