mirror of https://github.com/k3s-io/k3s
ac495f169b
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Use SSH tunnel for webhook communication iff the webhook is deployed as a service **What this PR does / why we need it**: We are getting the following error when the apiserver connects the webhook on localhost (configured via URL). We should only use the SSL tunnel for the connections to nodes when the webhooks are running as services. ``` I0119 17:41:18.678436 1 ssh.go:400] [4cdf44753cc3705d: localhost:10258] Dialing... W0119 17:41:18.678483 1 ssh.go:424] SSH tunnel not found for address "localhost", picking random node I0119 17:41:18.679810 1 ssh.go:402] [4cdf44753cc3705d: localhost:10258] Dialed in 1.398691ms. W0119 17:41:18.679928 1 admission.go:256] Failed calling webhook, failing closed xxx: failed calling admission webhook "xxx": Post xxx: ssh: rejected: connect failed (Connection refused) I0119 17:41:18.680346 1 wrap.go:42] POST /api/v1/namespaces/kube-system/pods: (5.725588ms) 500 ``` **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes # https://github.com/kubernetes/kubernetes/issues/58779 **Special notes for your reviewer**: **Release note**: ```release-note kube-apiserver is changed to use SSH tunnels for webhook iff the webhook is not directly routable from apiserver's network environment. ``` /assign @lavalamp @caesarxuchao @cheftako |
||
|---|---|---|
| .. | ||
| clicheck | ||
| cloud-controller-manager | ||
| controller-manager/app/options | ||
| gendocs | ||
| genkubedocs | ||
| genman | ||
| genswaggertypedocs | ||
| genutils | ||
| genyaml | ||
| gke-certificates-controller | ||
| hyperkube | ||
| importverifier | ||
| kube-apiserver | ||
| kube-controller-manager | ||
| kube-proxy | ||
| kube-scheduler | ||
| kubeadm | ||
| kubectl | ||
| kubelet | ||
| kubemark | ||
| linkcheck | ||
| BUILD | ||
| OWNERS | ||