Cannot create AddressPool objects due to mutating webhook?
jondkelley opened this issue · 11 comments
Describe the bug
When applying an example addresspool pool, it just shows the webhook is a 404
kubectl apply -f addresspool.yaml
Error from server (InternalError): error when creating "0101_addresspool.yaml": Internal error occurred: failed calling webhook "maddresspool.kb.io": the server could not find the requested resource
Environments
- Coil Version: 2.0.9
- OS: K8s v1.20.7 on Debian 10 (Via kubespray v2.16.0)
To Reproduce
Steps to reproduce the behavior:
- Generate with kustomize build . > coil.yaml
- kubectl apply -f coil,.yaml
- Create the addresspool.yaml as seen in some documentation
apiVersion: coil.cybozu.com/v2
kind: AddressPool
metadata:
name: default
spec:
blockSizeBits: 0
subnets:
- ipv4: 192.168.0.0/22
- See error Error from server (InternalError): error when creating "0101_addresspool.yaml": Internal error occurred: failed calling webhook "maddresspool.kb.io": the server could not find the requested resource
Expected behavior
A new addresspool
resource should be created so I can use the addressblock
resource (I think) within my egress
resource so the pod can run with an external address from the pool. (Otherwise my egress SNAT pod gets a CNI error about "network: failed to allocate address")
Additional context
my coil.yaml
images:
- name: coil
newTag: 2.0.9
newName: ghcr.io/cybozu-go/coil
resources:
- config/default
# If you are using CKE (github.com/cybozu-go/cke) and wwant to use
# its webhook installation feature, comment the above line and
# uncomment the below line.
#- config/cke
# If you want to enable coil-router, uncomment the following line.
# Note that coil-router can work only for clusters where all the
# nodes are in a flat L2 network.
- config/pod/coil-router.yaml
# If your cluster has enabled PodSecurityPolicy, uncomment the
# following line.
#- config/default/pod_security_policy.yaml
patchesStrategicMerge:
# Uncomment the following if you want to run Coil with Calico network policy.
- config/pod/compat_calico.yaml
# Edit netconf.json to customize CNI configurations
configMapGenerator:
- name: coil-config
namespace: system
files:
- cni_netconf=./netconf.json
# Adds namespace to all resources.
namespace: kube-system
# Labels to add to all resources and selectors.
commonLabels:
app.kubernetes.io/name: coil
kubectl logs coil-router-c7rd2 -n kube-system
I0817 20:59:46.300659 1 request.go:668] Waited for 1.0455664s due to client-side throttling, not priority and fairness, request: GET:https://10.233.0.1:443/apis/discovery.k8s.io/v1beta1?timeout=32s
{"level":"info","ts":1629233987.2252128,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":9388"}
{"level":"info","ts":1629233987.2283497,"logger":"setup","msg":"starting manager"}
{"level":"info","ts":1629233987.232593,"logger":"controller-runtime.manager.controller.addressblock","msg":"Starting EventSource","reconciler group":"coil.cybozu.com","reconciler kind":"AddressBlock","source":"kind source: /, Kind="}
{"level":"info","ts":1629233987.2332098,"logger":"controller-runtime.manager.controller.addressblock","msg":"Starting Controller","reconciler group":"coil.cybozu.com","reconciler kind":"AddressBlock"}
{"level":"info","ts":1629233987.2358675,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
{"level":"info","ts":1629233989.3575451,"logger":"controller-runtime.manager.controller.addressblock","msg":"Starting workers","reconciler group":"coil.cybozu.com","reconciler kind":"AddressBlock","worker count":1}
kubectl logs coil-controller-5f84d47464-4gk9l -n kube-system
I0817 20:59:46.280108 1 request.go:668] Waited for 1.044655991s due to client-side throttling, not priority and fairness, request: GET:https://10.233.0.1:443/apis/extensions/v1beta1?timeout=32s
{"level":"info","ts":1629233987.2199273,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":9386"}
{"level":"info","ts":1629233987.2632246,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"coil.cybozu.com/v2, Kind=AddressPool"}
{"level":"info","ts":1629233987.2635157,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"coil.cybozu.com/v2, Kind=AddressPool","path":"/validate-coil-cybozu-com-v2-addresspool"}
{"level":"info","ts":1629233987.2641158,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-coil-cybozu-com-v2-addresspool"}
{"level":"info","ts":1629233987.2646642,"logger":"controller-runtime.builder","msg":"Registering a mutating webhook","GVK":"coil.cybozu.com/v2, Kind=Egress","path":"/mutate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.265002,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/mutate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.2653246,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"coil.cybozu.com/v2, Kind=Egress","path":"/validate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.2657044,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.266029,"logger":"setup","msg":"starting manager"}
{"level":"info","ts":1629233987.267568,"logger":"controller-runtime.manager","msg":"starting metrics server","path":"/metrics"}
I0817 20:59:47.267754 1 leaderelection.go:243] attempting to acquire leader lease kube-system/coil-leader...
{"level":"info","ts":1629233987.2693503,"logger":"controller-runtime.webhook.webhooks","msg":"starting webhook server"}
{"level":"info","ts":1629233987.271229,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1629233987.2719083,"logger":"controller-runtime.webhook","msg":"serving webhook server","host":"","port":9443}
{"level":"info","ts":1629233987.2722394,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
root@node1:/home/k8s# kubectl logs coil-controller-5f84d47464-thdpn -n kube-system
I0817 20:59:46.292722 1 request.go:668] Waited for 1.042046902s due to client-side throttling, not priority and fairness, request: GET:https://10.233.0.1:443/apis/node.k8s.io/v1beta1?timeout=32s
{"level":"info","ts":1629233987.222262,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":9386"}
{"level":"info","ts":1629233987.2576647,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, admission.Defaulter interface is not implemented","GVK":"coil.cybozu.com/v2, Kind=AddressPool"}
{"level":"info","ts":1629233987.2579515,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"coil.cybozu.com/v2, Kind=AddressPool","path":"/validate-coil-cybozu-com-v2-addresspool"}
{"level":"info","ts":1629233987.2587316,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/validate-coil-cybozu-com-v2-addresspool"}
{"level":"info","ts":1629233987.259258,"logger":"controller-runtime.builder","msg":"Registering a mutating webhook","GVK":"coil.cybozu.com/v2, Kind=Egress","path":"/mutate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.2594967,"logger":"controller-runtime.webhook","msg":"registering webhook","path":"/mutate-coil-cybozu-com-v2-egress"}
{"level":"info","ts":1629233987.259736,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"coil.cybozu.com/v2, Kind=Egress","path":"/validate-coil-cybozu-com-v2-egress"}
the server could not find the requested resource
This seems that AddressPool CRD is not applied yet.
my coil.yaml
It is just a plain copy of v2/kustomization.yaml
.
Would you check your kustomize
version?
We are using version 4.1.3.
My apologies, here's the kustomize rendered coil.yaml, I only provided my config for kustomize.
https://gist.github.com/jondkelley/635cf4815e0ef134abb6359ad0670ae6
The CRD for addresspools.coil.cybozu.com
is in the cluster currently, but still has the strange webhook CRD error.
$ sudo kubectl get crd | grep cybozu
addressblocks.coil.cybozu.com 2021-08-17T20:59:40Z
addresspools.coil.cybozu.com 2021-08-17T20:59:40Z
blockrequests.coil.cybozu.com 2021-08-17T20:59:40Z
egresses.coil.cybozu.com 2021-08-17T20:59:40Z
I'm on kustomize/v4.2.0 as well on my side.
There are some anomalies in the rendered coil.yaml
like this: https://gist.github.com/jondkelley/635cf4815e0ef134abb6359ad0670ae6#file-coil-yaml-L367-L371
Could you check the MutatingWebhookConfiguration and Service?
$ kubectl -n kube-system get svc coilv2-webhook-service -o wide
$ kubectl -n kube-system get svc coilv2-webhook-service -o yaml
$ kubectl get mutatingwebhookconfigurations coilv2-mutating-webhook-configuration -o yaml
Thanks for looking, let me know if I can provide additional detail around the current state.
kubectl -n kube-system get svc coilv2-webhook-service -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
coilv2-webhook-service ClusterIP 10.233.52.121 <none> 443/TCP 8h app.kubernetes.io/component=coil-controller,app.kubernetes.io/name=coil
kubectl -n kube-system get svc coilv2-webhook-service -o yaml
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"coil"},"name":"coilv2-webhook-service","namespace":"kube-system"},"spec":{"ports":[{"port":443,"protocol":"TCP","targetPort":9443}],"selector":{"app.kubernetes.io/component":"coil-controller","app.kubernetes.io/name":"coil"}}}
creationTimestamp: "2021-08-17T20:59:41Z"
labels:
app.kubernetes.io/name: coil
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:spec:
f:ports:
.: {}
k:{"port":443,"protocol":"TCP"}:
.: {}
f:port: {}
f:protocol: {}
f:targetPort: {}
f:selector:
.: {}
f:app.kubernetes.io/component: {}
f:app.kubernetes.io/name: {}
f:sessionAffinity: {}
f:type: {}
manager: kubectl-client-side-apply
operation: Update
time: "2021-08-17T20:59:41Z"
name: coilv2-webhook-service
namespace: kube-system
resourceVersion: "61620"
uid: b6afdf9c-778d-4fa4-a26f-8ad135478ede
spec:
clusterIP: 10.233.52.121
clusterIPs:
- 10.233.52.121
ports:
- port: 443
protocol: TCP
targetPort: 9443
selector:
app.kubernetes.io/component: coil-controller
app.kubernetes.io/name: coil
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
kubectl get mutatingwebhookconfigurations coilv2-mutating-webhook-configuration -o yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"admissionregistration.k8s.io/v1","kind":"MutatingWebhookConfiguration","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"coil"},"name":"coilv2-mutating-webhook-configuration"},"webhooks":[{"admissionReviewVersions":["v1","v1beta1"],"clientConfig":{"caBundle":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaVENDQTAyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVI4d0hRWURWUVFERXhaamIybHMKZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUNBWERUSXhNRGd4TmpFNU1qVXpNRm9ZRHpJeE1qRXdOekl6TVRreQpOVE13V2pBaE1SOHdIUVlEVlFRREV4WmpiMmxzZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeUxzY2g5OFNrMEtyRjlhM0szZ2V3U3VMMEhydy9SQ0MKVzJybisxUXNodk9CaUxGeEM0QW1kYzhxbmpwYUZoZDZVNTJwWDNXdDVZa0plNVZFZThaTnJ4c0Z4d0hRTk5vdgpMV1I5KzNXZlpnZjNPR0JMVFp4TFNrTXpxYmQrRHlUM3BOK0hmTmEvOVFBcUhPVHlJTXNoc3VaTWYzelFnWjRqClJhcE1WakhCUFdsY3B0d0hHMVVEOWpxNzI0M0xDdjgvZ091NGU2dk9KeHE3ZlNSNU1yMnhiMlNDWGdmSVArbEcKaUQrWHhDQU9oNWZHSzIyQVdCQWljczA2eElRRXFQTmRhYk12MXhSY3E4UUExQ3dSbWZxTklLakkzNkxDNTVLSgpzWVN2aExuYkNvMDdON20vNnI4TXkxdXByT2V4dEhqSVJCV1JIOHNLcVBnbzRWRFl0dTRmcm9obVB6cGQzQjN3CjhXVUk1RjRjcnlGYjFLOWE4VXUvOEIvbTFTOGVnZER2UEVubW9ZTHNHSVpzM3Ryclg5Y0NSOHFaQ0lvOWxoU2cKSFdxVHIzMFhzNnFHaFpKZlhVQnZaYzZ1bTUvaFNsM2JVYXRFR0VIcmhmWE5LOHpxS0RQYzBXOVVvd01QSEFhYgowNXdGRjBiTytUUVBsVzAySGVHNnFlYVI1bTA5ZXczWGhBaXJRbzFHRUkxNSsxQnZaRHFLT0tnc2EwcTZYN3JTCkpjS3pPVmlORWJUYk81UGczVHhITGw4Q3hRSTFMRW8vUWY5REJFY3FuOFg0MGpPNy9JQjJxSlVzb3FYdjBpOUgKYjhnYUlLTDlxOXY1b1N0eDQySUJyRFhTWWdheTFxVk9HVWREcGh0UUc3Zm9mR01VcXBOTFdEUHo1Y2JFVVdJSQplbE94QVZRRHpIa0NBd0VBQWFPQnBUQ0JvakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJCkt3WUJCUVVIQXdFd0RBWURWUjBUQVFIL0JBSXdBREJ0QmdOVkhSRUVaakJrZ2laamIybHNkakl0ZDJWaWFHOXYKYXkxelpYSjJhV05sTG10MVltVXRjM2x6ZEdWdExuTjJZNElpWTI5cGJIWXlMWGRsWW1odmIyc3RjMlZ5ZG1sagpaUzVyZFdKbExYTjVjM1JsYllJV1kyOXBiSFl5TFhkbFltaHZiMnN0YzJWeWRtbGpaVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQWdFQXJzWnZFNG1vcE4rRndRbUpwdGltNGcycTZyOTR0YVhIODVnOFBHNGJaVjk0NUNWMVhwb3cKcmZ4aVZYQ3p4bXBkRHBXTVdUYXRsRjNwZ3BnR1k0dHEydnRLWjhkT3lxNGhmbTJsU0RPb1M4ajB6dzRzUE1uUgo3c0hEQmYwVXp6cFpxUnREYWlKSXJEdzgvQXR1TEd0SUpRQzJ3M2lZcFdqV2kycEdXc25tT3lGdnVvWnYwQkwyCnc1VGwxWit4Q3cvMUtwUVg1Y1BkeVFCK0NrOWd5M2cvT1M4a040ZGcza3NkMHpoZnJ4eFdYNWtvbGZTQ1pONWsKZ1VhanNxckZkT2d3Y2FZZHFDbFYzWFY0T2xmZ25TcHF5eTBIWW8xZnh3a25QWGgrUXZlRUUxK2U5NEJTbjNzdgppdHN3NzZXcUpnUEFnZkhtYTVUb3pvanJJT1hVcW5tSUpKVXJnWXExcFphV1BGWERaOVN2VGo1VEZ3R1FrTUY5CjBCTmVQNjlhTXpXbmFEdHM2aUt6RWpyWlVtcVhCTmZwTGJaQjJORS9HWlB1Q3NBVk52clZKZE5ZcXZzYWt6a04Kei9NT3ozTVFYbWM0ZDRiSEg1Z0hTZXY2bjJwSTlDWUd1bjRBUnJ1WDFrV1lNSzAxRE9wYU9xVjZ5b0VKUGF1UgpITGFYaTRBYXpZL1BSMFJ2N3l4cjBvejVvU1N1L24rVDJydlJEL1NpQXZDdmhCZDhmTmhVRFBRRWJ5eXZMRVRDCk1nMGZZS2I5a0lRSkNHR0Qwb0pDV2h4QUwvYml4T1RvM1dPY0tQd0FtcVJMU2Rnek5aTXdpdHZjSzYySitZSHUKc3Q5VkVYcDQ1S3I2MlZjc1NMRG4wZUg2aU5hTEd3dU5zb25WM1VjVEFOVVlwZnB2cnRvY1ptVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=","service":{"name":"coilv2-webhook-service","namespace":"kube-system","path":"/mutate-coil-cybozu-com-v2-addresspool"}},"failurePolicy":"Fail","name":"maddresspool.kb.io","rules":[{"apiGroups":["coil.cybozu.com"],"apiVersions":["v2"],"operations":["CREATE"],"resources":["addresspools"]}],"sideEffects":"None"},{"admissionReviewVersions":["v1","v1beta1"],"clientConfig":{"caBundle":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaVENDQTAyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVI4d0hRWURWUVFERXhaamIybHMKZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUNBWERUSXhNRGd4TmpFNU1qVXpNRm9ZRHpJeE1qRXdOekl6TVRreQpOVE13V2pBaE1SOHdIUVlEVlFRREV4WmpiMmxzZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeUxzY2g5OFNrMEtyRjlhM0szZ2V3U3VMMEhydy9SQ0MKVzJybisxUXNodk9CaUxGeEM0QW1kYzhxbmpwYUZoZDZVNTJwWDNXdDVZa0plNVZFZThaTnJ4c0Z4d0hRTk5vdgpMV1I5KzNXZlpnZjNPR0JMVFp4TFNrTXpxYmQrRHlUM3BOK0hmTmEvOVFBcUhPVHlJTXNoc3VaTWYzelFnWjRqClJhcE1WakhCUFdsY3B0d0hHMVVEOWpxNzI0M0xDdjgvZ091NGU2dk9KeHE3ZlNSNU1yMnhiMlNDWGdmSVArbEcKaUQrWHhDQU9oNWZHSzIyQVdCQWljczA2eElRRXFQTmRhYk12MXhSY3E4UUExQ3dSbWZxTklLakkzNkxDNTVLSgpzWVN2aExuYkNvMDdON20vNnI4TXkxdXByT2V4dEhqSVJCV1JIOHNLcVBnbzRWRFl0dTRmcm9obVB6cGQzQjN3CjhXVUk1RjRjcnlGYjFLOWE4VXUvOEIvbTFTOGVnZER2UEVubW9ZTHNHSVpzM3Ryclg5Y0NSOHFaQ0lvOWxoU2cKSFdxVHIzMFhzNnFHaFpKZlhVQnZaYzZ1bTUvaFNsM2JVYXRFR0VIcmhmWE5LOHpxS0RQYzBXOVVvd01QSEFhYgowNXdGRjBiTytUUVBsVzAySGVHNnFlYVI1bTA5ZXczWGhBaXJRbzFHRUkxNSsxQnZaRHFLT0tnc2EwcTZYN3JTCkpjS3pPVmlORWJUYk81UGczVHhITGw4Q3hRSTFMRW8vUWY5REJFY3FuOFg0MGpPNy9JQjJxSlVzb3FYdjBpOUgKYjhnYUlLTDlxOXY1b1N0eDQySUJyRFhTWWdheTFxVk9HVWREcGh0UUc3Zm9mR01VcXBOTFdEUHo1Y2JFVVdJSQplbE94QVZRRHpIa0NBd0VBQWFPQnBUQ0JvakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJCkt3WUJCUVVIQXdFd0RBWURWUjBUQVFIL0JBSXdBREJ0QmdOVkhSRUVaakJrZ2laamIybHNkakl0ZDJWaWFHOXYKYXkxelpYSjJhV05sTG10MVltVXRjM2x6ZEdWdExuTjJZNElpWTI5cGJIWXlMWGRsWW1odmIyc3RjMlZ5ZG1sagpaUzVyZFdKbExYTjVjM1JsYllJV1kyOXBiSFl5TFhkbFltaHZiMnN0YzJWeWRtbGpaVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQWdFQXJzWnZFNG1vcE4rRndRbUpwdGltNGcycTZyOTR0YVhIODVnOFBHNGJaVjk0NUNWMVhwb3cKcmZ4aVZYQ3p4bXBkRHBXTVdUYXRsRjNwZ3BnR1k0dHEydnRLWjhkT3lxNGhmbTJsU0RPb1M4ajB6dzRzUE1uUgo3c0hEQmYwVXp6cFpxUnREYWlKSXJEdzgvQXR1TEd0SUpRQzJ3M2lZcFdqV2kycEdXc25tT3lGdnVvWnYwQkwyCnc1VGwxWit4Q3cvMUtwUVg1Y1BkeVFCK0NrOWd5M2cvT1M4a040ZGcza3NkMHpoZnJ4eFdYNWtvbGZTQ1pONWsKZ1VhanNxckZkT2d3Y2FZZHFDbFYzWFY0T2xmZ25TcHF5eTBIWW8xZnh3a25QWGgrUXZlRUUxK2U5NEJTbjNzdgppdHN3NzZXcUpnUEFnZkhtYTVUb3pvanJJT1hVcW5tSUpKVXJnWXExcFphV1BGWERaOVN2VGo1VEZ3R1FrTUY5CjBCTmVQNjlhTXpXbmFEdHM2aUt6RWpyWlVtcVhCTmZwTGJaQjJORS9HWlB1Q3NBVk52clZKZE5ZcXZzYWt6a04Kei9NT3ozTVFYbWM0ZDRiSEg1Z0hTZXY2bjJwSTlDWUd1bjRBUnJ1WDFrV1lNSzAxRE9wYU9xVjZ5b0VKUGF1UgpITGFYaTRBYXpZL1BSMFJ2N3l4cjBvejVvU1N1L24rVDJydlJEL1NpQXZDdmhCZDhmTmhVRFBRRWJ5eXZMRVRDCk1nMGZZS2I5a0lRSkNHR0Qwb0pDV2h4QUwvYml4T1RvM1dPY0tQd0FtcVJMU2Rnek5aTXdpdHZjSzYySitZSHUKc3Q5VkVYcDQ1S3I2MlZjc1NMRG4wZUg2aU5hTEd3dU5zb25WM1VjVEFOVVlwZnB2cnRvY1ptVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=","service":{"name":"coilv2-webhook-service","namespace":"kube-system","path":"/mutate-coil-cybozu-com-v2-egress"}},"failurePolicy":"Fail","name":"megress.kb.io","rules":[{"apiGroups":["coil.cybozu.com"],"apiVersions":["v2"],"operations":["CREATE"],"resources":["egresses"]}],"sideEffects":"None"}]}
creationTimestamp: "2021-08-17T20:59:42Z"
generation: 1
labels:
app.kubernetes.io/name: coil
managedFields:
- apiVersion: admissionregistration.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:webhooks:
.: {}
k:{"name":"maddresspool.kb.io"}:
.: {}
f:admissionReviewVersions: {}
f:clientConfig:
.: {}
f:caBundle: {}
f:service:
.: {}
f:name: {}
f:namespace: {}
f:path: {}
f:port: {}
f:failurePolicy: {}
f:matchPolicy: {}
f:name: {}
f:namespaceSelector: {}
f:objectSelector: {}
f:reinvocationPolicy: {}
f:rules: {}
f:sideEffects: {}
f:timeoutSeconds: {}
k:{"name":"megress.kb.io"}:
.: {}
f:admissionReviewVersions: {}
f:clientConfig:
.: {}
f:caBundle: {}
f:service:
.: {}
f:name: {}
f:namespace: {}
f:path: {}
f:port: {}
f:failurePolicy: {}
f:matchPolicy: {}
f:name: {}
f:namespaceSelector: {}
f:objectSelector: {}
f:reinvocationPolicy: {}
f:rules: {}
f:sideEffects: {}
f:timeoutSeconds: {}
manager: kubectl-client-side-apply
operation: Update
time: "2021-08-17T20:59:42Z"
name: coilv2-mutating-webhook-configuration
resourceVersion: "61643"
uid: 2419f26c-0890-4ea4-9416-5ba0ec0643db
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaVENDQTAyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVI4d0hRWURWUVFERXhaamIybHMKZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUNBWERUSXhNRGd4TmpFNU1qVXpNRm9ZRHpJeE1qRXdOekl6TVRreQpOVE13V2pBaE1SOHdIUVlEVlFRREV4WmpiMmxzZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeUxzY2g5OFNrMEtyRjlhM0szZ2V3U3VMMEhydy9SQ0MKVzJybisxUXNodk9CaUxGeEM0QW1kYzhxbmpwYUZoZDZVNTJwWDNXdDVZa0plNVZFZThaTnJ4c0Z4d0hRTk5vdgpMV1I5KzNXZlpnZjNPR0JMVFp4TFNrTXpxYmQrRHlUM3BOK0hmTmEvOVFBcUhPVHlJTXNoc3VaTWYzelFnWjRqClJhcE1WakhCUFdsY3B0d0hHMVVEOWpxNzI0M0xDdjgvZ091NGU2dk9KeHE3ZlNSNU1yMnhiMlNDWGdmSVArbEcKaUQrWHhDQU9oNWZHSzIyQVdCQWljczA2eElRRXFQTmRhYk12MXhSY3E4UUExQ3dSbWZxTklLakkzNkxDNTVLSgpzWVN2aExuYkNvMDdON20vNnI4TXkxdXByT2V4dEhqSVJCV1JIOHNLcVBnbzRWRFl0dTRmcm9obVB6cGQzQjN3CjhXVUk1RjRjcnlGYjFLOWE4VXUvOEIvbTFTOGVnZER2UEVubW9ZTHNHSVpzM3Ryclg5Y0NSOHFaQ0lvOWxoU2cKSFdxVHIzMFhzNnFHaFpKZlhVQnZaYzZ1bTUvaFNsM2JVYXRFR0VIcmhmWE5LOHpxS0RQYzBXOVVvd01QSEFhYgowNXdGRjBiTytUUVBsVzAySGVHNnFlYVI1bTA5ZXczWGhBaXJRbzFHRUkxNSsxQnZaRHFLT0tnc2EwcTZYN3JTCkpjS3pPVmlORWJUYk81UGczVHhITGw4Q3hRSTFMRW8vUWY5REJFY3FuOFg0MGpPNy9JQjJxSlVzb3FYdjBpOUgKYjhnYUlLTDlxOXY1b1N0eDQySUJyRFhTWWdheTFxVk9HVWREcGh0UUc3Zm9mR01VcXBOTFdEUHo1Y2JFVVdJSQplbE94QVZRRHpIa0NBd0VBQWFPQnBUQ0JvakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJCkt3WUJCUVVIQXdFd0RBWURWUjBUQVFIL0JBSXdBREJ0QmdOVkhSRUVaakJrZ2laamIybHNkakl0ZDJWaWFHOXYKYXkxelpYSjJhV05sTG10MVltVXRjM2x6ZEdWdExuTjJZNElpWTI5cGJIWXlMWGRsWW1odmIyc3RjMlZ5ZG1sagpaUzVyZFdKbExYTjVjM1JsYllJV1kyOXBiSFl5TFhkbFltaHZiMnN0YzJWeWRtbGpaVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQWdFQXJzWnZFNG1vcE4rRndRbUpwdGltNGcycTZyOTR0YVhIODVnOFBHNGJaVjk0NUNWMVhwb3cKcmZ4aVZYQ3p4bXBkRHBXTVdUYXRsRjNwZ3BnR1k0dHEydnRLWjhkT3lxNGhmbTJsU0RPb1M4ajB6dzRzUE1uUgo3c0hEQmYwVXp6cFpxUnREYWlKSXJEdzgvQXR1TEd0SUpRQzJ3M2lZcFdqV2kycEdXc25tT3lGdnVvWnYwQkwyCnc1VGwxWit4Q3cvMUtwUVg1Y1BkeVFCK0NrOWd5M2cvT1M4a040ZGcza3NkMHpoZnJ4eFdYNWtvbGZTQ1pONWsKZ1VhanNxckZkT2d3Y2FZZHFDbFYzWFY0T2xmZ25TcHF5eTBIWW8xZnh3a25QWGgrUXZlRUUxK2U5NEJTbjNzdgppdHN3NzZXcUpnUEFnZkhtYTVUb3pvanJJT1hVcW5tSUpKVXJnWXExcFphV1BGWERaOVN2VGo1VEZ3R1FrTUY5CjBCTmVQNjlhTXpXbmFEdHM2aUt6RWpyWlVtcVhCTmZwTGJaQjJORS9HWlB1Q3NBVk52clZKZE5ZcXZzYWt6a04Kei9NT3ozTVFYbWM0ZDRiSEg1Z0hTZXY2bjJwSTlDWUd1bjRBUnJ1WDFrV1lNSzAxRE9wYU9xVjZ5b0VKUGF1UgpITGFYaTRBYXpZL1BSMFJ2N3l4cjBvejVvU1N1L24rVDJydlJEL1NpQXZDdmhCZDhmTmhVRFBRRWJ5eXZMRVRDCk1nMGZZS2I5a0lRSkNHR0Qwb0pDV2h4QUwvYml4T1RvM1dPY0tQd0FtcVJMU2Rnek5aTXdpdHZjSzYySitZSHUKc3Q5VkVYcDQ1S3I2MlZjc1NMRG4wZUg2aU5hTEd3dU5zb25WM1VjVEFOVVlwZnB2cnRvY1ptVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
service:
name: coilv2-webhook-service
namespace: kube-system
path: /mutate-coil-cybozu-com-v2-addresspool
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: maddresspool.kb.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- coil.cybozu.com
apiVersions:
- v2
operations:
- CREATE
resources:
- addresspools
scope: '*'
sideEffects: None
timeoutSeconds: 10
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZaVENDQTAyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVI4d0hRWURWUVFERXhaamIybHMKZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUNBWERUSXhNRGd4TmpFNU1qVXpNRm9ZRHpJeE1qRXdOekl6TVRreQpOVE13V2pBaE1SOHdIUVlEVlFRREV4WmpiMmxzZGpJdGQyVmlhRzl2YXkxelpYSjJhV05sTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeUxzY2g5OFNrMEtyRjlhM0szZ2V3U3VMMEhydy9SQ0MKVzJybisxUXNodk9CaUxGeEM0QW1kYzhxbmpwYUZoZDZVNTJwWDNXdDVZa0plNVZFZThaTnJ4c0Z4d0hRTk5vdgpMV1I5KzNXZlpnZjNPR0JMVFp4TFNrTXpxYmQrRHlUM3BOK0hmTmEvOVFBcUhPVHlJTXNoc3VaTWYzelFnWjRqClJhcE1WakhCUFdsY3B0d0hHMVVEOWpxNzI0M0xDdjgvZ091NGU2dk9KeHE3ZlNSNU1yMnhiMlNDWGdmSVArbEcKaUQrWHhDQU9oNWZHSzIyQVdCQWljczA2eElRRXFQTmRhYk12MXhSY3E4UUExQ3dSbWZxTklLakkzNkxDNTVLSgpzWVN2aExuYkNvMDdON20vNnI4TXkxdXByT2V4dEhqSVJCV1JIOHNLcVBnbzRWRFl0dTRmcm9obVB6cGQzQjN3CjhXVUk1RjRjcnlGYjFLOWE4VXUvOEIvbTFTOGVnZER2UEVubW9ZTHNHSVpzM3Ryclg5Y0NSOHFaQ0lvOWxoU2cKSFdxVHIzMFhzNnFHaFpKZlhVQnZaYzZ1bTUvaFNsM2JVYXRFR0VIcmhmWE5LOHpxS0RQYzBXOVVvd01QSEFhYgowNXdGRjBiTytUUVBsVzAySGVHNnFlYVI1bTA5ZXczWGhBaXJRbzFHRUkxNSsxQnZaRHFLT0tnc2EwcTZYN3JTCkpjS3pPVmlORWJUYk81UGczVHhITGw4Q3hRSTFMRW8vUWY5REJFY3FuOFg0MGpPNy9JQjJxSlVzb3FYdjBpOUgKYjhnYUlLTDlxOXY1b1N0eDQySUJyRFhTWWdheTFxVk9HVWREcGh0UUc3Zm9mR01VcXBOTFdEUHo1Y2JFVVdJSQplbE94QVZRRHpIa0NBd0VBQWFPQnBUQ0JvakFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJCkt3WUJCUVVIQXdFd0RBWURWUjBUQVFIL0JBSXdBREJ0QmdOVkhSRUVaakJrZ2laamIybHNkakl0ZDJWaWFHOXYKYXkxelpYSjJhV05sTG10MVltVXRjM2x6ZEdWdExuTjJZNElpWTI5cGJIWXlMWGRsWW1odmIyc3RjMlZ5ZG1sagpaUzVyZFdKbExYTjVjM1JsYllJV1kyOXBiSFl5TFhkbFltaHZiMnN0YzJWeWRtbGpaVEFOQmdrcWhraUc5dzBCCkFRc0ZBQU9DQWdFQXJzWnZFNG1vcE4rRndRbUpwdGltNGcycTZyOTR0YVhIODVnOFBHNGJaVjk0NUNWMVhwb3cKcmZ4aVZYQ3p4bXBkRHBXTVdUYXRsRjNwZ3BnR1k0dHEydnRLWjhkT3lxNGhmbTJsU0RPb1M4ajB6dzRzUE1uUgo3c0hEQmYwVXp6cFpxUnREYWlKSXJEdzgvQXR1TEd0SUpRQzJ3M2lZcFdqV2kycEdXc25tT3lGdnVvWnYwQkwyCnc1VGwxWit4Q3cvMUtwUVg1Y1BkeVFCK0NrOWd5M2cvT1M4a040ZGcza3NkMHpoZnJ4eFdYNWtvbGZTQ1pONWsKZ1VhanNxckZkT2d3Y2FZZHFDbFYzWFY0T2xmZ25TcHF5eTBIWW8xZnh3a25QWGgrUXZlRUUxK2U5NEJTbjNzdgppdHN3NzZXcUpnUEFnZkhtYTVUb3pvanJJT1hVcW5tSUpKVXJnWXExcFphV1BGWERaOVN2VGo1VEZ3R1FrTUY5CjBCTmVQNjlhTXpXbmFEdHM2aUt6RWpyWlVtcVhCTmZwTGJaQjJORS9HWlB1Q3NBVk52clZKZE5ZcXZzYWt6a04Kei9NT3ozTVFYbWM0ZDRiSEg1Z0hTZXY2bjJwSTlDWUd1bjRBUnJ1WDFrV1lNSzAxRE9wYU9xVjZ5b0VKUGF1UgpITGFYaTRBYXpZL1BSMFJ2N3l4cjBvejVvU1N1L24rVDJydlJEL1NpQXZDdmhCZDhmTmhVRFBRRWJ5eXZMRVRDCk1nMGZZS2I5a0lRSkNHR0Qwb0pDV2h4QUwvYml4T1RvM1dPY0tQd0FtcVJMU2Rnek5aTXdpdHZjSzYySitZSHUKc3Q5VkVYcDQ1S3I2MlZjc1NMRG4wZUg2aU5hTEd3dU5zb25WM1VjVEFOVVlwZnB2cnRvY1ptVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
service:
name: coilv2-webhook-service
namespace: kube-system
path: /mutate-coil-cybozu-com-v2-egress
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: megress.kb.io
namespaceSelector: {}
objectSelector: {}
reinvocationPolicy: Never
rules:
- apiGroups:
- coil.cybozu.com
apiVersions:
- v2
operations:
- CREATE
resources:
- egresses
scope: '*'
sideEffects: None
timeoutSeconds: 10
It looks perfectly normal. I have no ideas.
I could be on the wrong path, but I might have more info.
I ran
kubectl port-forward coil-controller-5f84d47464-4gk9l 9443:9443 -n kube-system
and tried to test the endpoint
coil/v2/config/webhook/manifests.v1.yaml
Line 16 in a68ea5c
Doesn't seem to have a resource for address pool (see below), so this maybe why I get failed calling webhook "maddresspool.kb.io": the server could not find the requested resource
curl https://localhost:9443/mutate-coil-cybozu-com-v2-addresspool -k
Handling connection for 9443
404 page not found
Otherwise, things like the egress CRD webhook works but I presume it's because the webhook endpoint works in the coil-controller
curl https://localhost:9443/mutate-coil-cybozu-com-v2-egress -k
Handling connection for 9443
{"response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"contentType=, expected application/json","code":400}}}
@jondkelley
Hi.
The mutating webhook of AddressPool is a recently implemented feature. It is not included in the released version of Coil.
The container image you are using is 2.0.9 of ghcr.io/cybozu-go/coil. To use this image, please checkout v2.0.9 tag of the Coil repository and run kustomize build . > coil.yaml
on that tag.
@morimoto-cybozu
Thanks. Would you please consider releasing a new version including this?
Install worked on tag 2.0.9, thanks for checking!