It is bothering me how admission control webhooks work alongside #kubernetes controller reconciliation. If the admission controller doesn’t agree on what desired state looks like, I don’t think it can settle, right? (e.g. if desired state clashes with a policy check)
I think the normal next step is that a human intervenes because they’re seeing alerts generated at admission control.
Another option would be mutating webhook changing the request, but what if that still doesn’t match the controller’s desired state?
Are there any examples of getting feedback to the controller to get it to change its expectations?
I think this problem of disagreement between controller and admission webhook should be called “irreconcilable differences”
• • •
Missing some Tweet in this thread? You can try to
force a refresh