Skip to content

reconcile main branch and add failure policy#39

Merged
dariuszSki merged 7 commits intorefactor-for-routerfrom
32-default-pod-admission---fail-closed-in-v1
Feb 22, 2025
Merged

reconcile main branch and add failure policy#39
dariuszSki merged 7 commits intorefactor-for-routerfrom
32-default-pod-admission---fail-closed-in-v1

Conversation

@qrkourier
Copy link
Member

@qrkourier qrkourier commented Feb 20, 2025

Add ZITI_AGENT_WEBHOOK_FAILURE_POLICY to override default fail policy if webhook ops fail for some reason

@qrkourier qrkourier changed the title 32 default pod admission fail closed in v1 reconcile main branch, etc. Feb 20, 2025
- key: kubernetes.io/metadata.name
operator: NotIn
values:
- kube-system
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

exclude kube-system namespace from selectors

zh.Config.ResolverIp = service.Spec.ClusterIP
} else {
klog.Info("Looked up DNS SVC ClusterIP and is not found")
zh.Config.ResolverIp = defaultClusterDnsServiceIP
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

assign default if lookup fails

"-i",
fmt.Sprintf("%v.json", identityName),
},
Args: []string{"tproxy"},
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need to specify identity name since it's always managed and invisible, so "ziti_id" default is fine for now.

@qrkourier qrkourier requested a review from dariuszSki February 20, 2025 22:58
@qrkourier qrkourier changed the title reconcile main branch, etc. reconcile main branch and add failure policy Feb 20, 2025
@dariuszSki dariuszSki merged commit 0ebed3d into refactor-for-router Feb 22, 2025
8 checks passed
@dariuszSki dariuszSki deleted the 32-default-pod-admission---fail-closed-in-v1 branch February 22, 2025 00:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants