#37 : Add wait script to check for functional validating web hook
General MR
Summary
The ESO validating webhook usually (some days, constantly) comes up in an unhealthy state. Sometimes this is because the cert-controller has not yet delivered the appropriate certificates to the webhook pod and configured them in the validating webhook object. Sometimes if we wait long enough this condition settles itself. Sometimes it does not. This wait script prevents the scenario where the ESO helm release says it is finished, the pods report healthy, but the webhook is actually broken, so new resources cannot be added.
Relevant logs/screenshots
Release "external-secrets" does not exist. Installing it now.
Error: failed post-install: 1 error occurred:
* timed out waiting for the condition
$ kubectl logs -n external-secrets external-secrets-wait-job-k2xvv
---
Running wait.sh...
---
+ cat
+ kubectl apply -f clustersecretstore.yaml
Error from server (InternalError): error when creating "clustersecretstore.yaml": Internal error occurred: failed calling webhook "validate.secretstore.external-secrets.io": failed to call webhook: Post "https://external-secrets-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-secretstore?timeout=5s": proxy error from 127.0.0.1:6443 while dialing 10.42.1.4:10250, code 502: 502 Bad Gateway
+ [[ 1 -eq 0 ]]
+ exit 1
Linked Issue
Upgrade Notices
N/A
Edited by Andrew Kesterson