12/12/2022, 4:02 PM
Hello everyone! 👋 I had a couple of questions about Rancher's integration with cloud providers: On DigitalOcean Kubernetes, we have observed that we have quite a few users using Rancher. 🙂 They install the Rancher-related webhooks in the cattle-system namespace, and some of these webhooks have rules for basically all objects in the kube-system namespace. We have observed for some time now that this causes the cluster to break during upgrades, especially because the Rancher webhook prevents managed components that DigitalOcean installs in the kube-system namespace from coming up. I was wondering if this issue is something that is common to other cloud providers too? The mitigation so far has been to edit the webhook to set FailurePolicy of
, finish the upgrade. At the end of it, the webhook configuration is reset back to the original failurePolicy of Fail. We usually advise the users to exclude the managed components in the kube-system ns from the webhook configuration, but I suspect that they probably use Helm or something provided from Rancher and just apply. I was wondering if there are any mitigation strategies you would recommend? Thank you! 🙂