-
Story
-
Resolution: Done-Errata
-
Major
-
None
-
None
Currently, the operator creates the Mutating/ValidatingWebhookConfigurations for the SMCP, SMMR, and SMM. It also handles CA bundle injection into those webhooks and CRDs. This has the following downsides:
- after installation, the operator has to run and then restart so that it picks up the secret holding the certificate
- this certificate is never rotated
- the webhook resources aren't cleaned up when the operator is uninstalled
- the resources aren't recreated automatically if someone deletes them by mistake (causing SMCP/SMMR/SMM validation to either not be performed or to fail)
- the code that creates these resources creates its own kube client, which causes a lot of unnecessary API discovery requests
- these API discovery requests increase the probability of the API server throttling the operator and causing it to lose its leader lease
All this can be solved by letting OLM manage the webhooks.
- is documented by
-
OSSM-6772 [DOC] Remove commands from Clean up Operator resources
-
- Closed
-
- is related to
-
OSSM-6397 OSSM 2.5.1 operator installation error "Manager exited non-zero","error":"leader election lost"
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-
- links to
-
RHSA-2024:135884
Red Hat OpenShift Service Mesh Containers for 2.6.0
- mentioned on
