Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(clustertool) fix systemupgrade with kyverno 1.13.0 #28614

Merged

Conversation

gismo2004
Copy link
Contributor

Description
it seems like something has changed in kyverno 1.13.0 (3.3.0) compared to 1.12.x (3.2.7) which now requires the "get verb" for admissionController to be set.

event log of the apply-talos pod:
SchedulerError: running Bind plugin "DefaultBinder": admission webhook "mutate.kyverno.svc-fail" denied the request: mutation policy mutate-pod-binding error: failed to apply policy mutate-pod-binding rules [project-foo: variable substitution failed: failed to resolve schematic at path /mutate/patchStrategicMerge/metadata/annotations/extensions.talos.dev\/schematic: failed to fetch data for APICall: failed to GET resource with raw url : /api/v1/nodes/k8s-control-1: unknown]

⚒️ Fixes #

⚙️ Type of change

  • ⚙️ Feature/App addition
  • 🪛 Bugfix
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 🔃 Refactor of current code

🧪 How Has This Been Tested?
on a fresh RC20 bootstrapped VM after updating kyverno chart to 3.3.0

📃 Notes:
this is not reproducable with kyverno chart 3.2.7

✔️ Checklist:

  • ⚖️ My code follows the style guidelines of this project
  • 👀 I have performed a self-review of my own code
  • #️⃣ I have commented my code, particularly in hard-to-understand areas
  • 📄 I have made corresponding changes to the documentation
  • ⚠️ My changes generate no new warnings
  • 🧪 I have added tests to this description that prove my fix is effective or that my feature works
  • ⬆️ I increased versions for any altered app according to semantic versioning
  • I made sure the title starts with feat(chart-name):, fix(chart-name): or chore(chart-name):

➕ App addition

If this PR is an app addition please make sure you have done the following.

  • 🖼️ I have added an icon in the Chart's root directory called icon.png

Please don't blindly check all the boxes. Read them and only check those that apply.
Those checkboxes are there for the reviewer to see what is this all about and
the status of this PR with a quick glance.

@PrivatePuffin
Copy link
Member

PrivatePuffin commented Oct 30, 2024

Ahh now I "get" what you mean.
Please next time call it "get verb missing from RBAC", its not just "the get verb" its get verb on the RBAC, RBAC being the actual object/section this is about.

How you described it on discord, sounded like a verb or something was missing from the plans!

@PrivatePuffin PrivatePuffin merged commit e20a445 into truecharts:master Oct 30, 2024
27 checks passed
@PrivatePuffin
Copy link
Member

@gismo2004 also next time please dont forget to actually bump the chart version.
Now you will have to wait a while till a new chart is released, as I've other things to do right now rather than fix this.

@gismo2004
Copy link
Contributor Author

@PrivatePuffin

To first comment: I give my best next time, sorry for not being more clear about it.
To second comment: I honestly need a bit more information about “where” to bump the version next time, please. My understanding was, that we are referencing to an external chart which is not to be bumped by me, I assume. So my understanding was, that this will be shipped with next clustertool version?

@gismo2004 gismo2004 deleted the kyverno_admissionController branch October 31, 2024 07:23
@PrivatePuffin
Copy link
Member

@PrivatePuffin

To first comment: I give my best next time, sorry for not being more clear about it. To second comment: I honestly need a bit more information about “where” to bump the version next time, please. My understanding was, that we are referencing to an external chart which is not to be bumped by me, I assume. So my understanding was, that this will be shipped with next clustertool version?

Fuck It was late, you're totally right this is not our chart, I've been confused.

@truecharts-admin
Copy link
Collaborator

This PR is locked to prevent necro-posting on closed PRs. Please create a issue or contact staff on discord if you want to further discuss this

@truecharts truecharts locked as resolved and limited conversation to collaborators Nov 8, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants