Gatekeeper mutations not applied during failure of node hosting audit pod #573
Unanswered
KKonak asked this question in Gatekeeper
Replies: 0 comments
In my environment I am using Gatekeeper to mutate Rook/Ceph pods to comply with restrictions. While doing failure testing of a single node, I encounter an issue where, if the node hosting the audit pod fails, the jobs the Rook operator starts before the audit pod reschedules do not get mutated.
I've worked around this problem by scaling the gatekeeper audit pod deployment to replica 2, but noticed it is recommended to have this as a singleton pod to limit traffic.
Question: Am I right to assume the audit pod handles these mutation webhooks and, if so, is there a Helm option to apply replica 2? Based on these options it appears the replica option is only available for the controller manager. Or, even better, is there a way to have mutations always applied another way?
Thanks in advance!