mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
default admission hook failure safely
This commit is contained in:
parent
f07b359e5b
commit
4e79357f9f
@ -191,7 +191,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error {
|
||||
return
|
||||
}
|
||||
|
||||
ignoreClientCallFailures := hook.FailurePolicy == nil || *hook.FailurePolicy == v1alpha1.Ignore
|
||||
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
|
||||
if callErr, ok := err.(*ErrCallingWebhook); ok {
|
||||
if ignoreClientCallFailures {
|
||||
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
|
||||
|
@ -216,7 +216,7 @@ func TestAdmit(t *testing.T) {
|
||||
},
|
||||
expectAllow: true,
|
||||
},
|
||||
"match & fail (but allow because fail open on nil)": {
|
||||
"match & fail (but disallow because fail closed on nil)": {
|
||||
hookSource: fakeHookSource{
|
||||
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
|
||||
Name: "internalErr A",
|
||||
@ -232,7 +232,7 @@ func TestAdmit(t *testing.T) {
|
||||
Rules: matchEverythingRules,
|
||||
}},
|
||||
},
|
||||
expectAllow: true,
|
||||
expectAllow: false,
|
||||
},
|
||||
"match & fail (but fail because fail closed)": {
|
||||
hookSource: fakeHookSource{
|
||||
|
Loading…
Reference in New Issue
Block a user