Bug
Resolution: Unresolved
Major
None
4.15.z, 4.17.z, 4.16.z, 4.18.z
Description of problem:
Suspect a problem with validatingWebhook on an OpenShift cluster with hosted control plane (HyperShift). Based on the error, it looks like the konnectivity service (https://hypershift-docs.netlify.app/reference/konnectivity/) is not proxying requests from the API pod to the service for the validatingWebhook (from control plane to data plane). To test the validatingWebhook, I'm using Kyverno.

Steps to reproduce the problem:
1. Deploy Kyverno. Kyverno is deployed with values kyverno-helm-values.yaml (see attachments). Kyverno is deployed without any problem.
2. Create user group (group-create.yaml).
3. Create Kyverno ClusterPolicy (app-project-create.yaml). This policy creates project group-test in the OpenShift cluster when a group with name GROUP-TEST exists.
4. Create another test group (group-create-test.yaml): oc apply -f group-create-test.yaml --loglevel 10. It is not possible to create another group due to an error where the API server cannot reach https://kyverno-svc.kyverno.svc:443/validate/fail?timeout=10s (note the DNS error).

Version-Release number of selected component (if applicable):
4.18.2
How reproducible:
Every time
Steps to Reproduce:
1. As mentioned above
Actual results:
unable to add additional test group
Expected results:
Should be able to add additional test group
Additional info:
Able to replicate the issue locally.
blocks
OCPBUGS-54411 Problem with validatingWebhook on Hosted Control Plane - POST
is cloned by
OCPBUGS-54411 Problem with validatingWebhook on Hosted Control Plane - POST
links to