Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version: 1.15.5
Cloud being used: baremetal
Installation method: DC/OS
Host OS: Linux
CNI and version:
CRI and version:
Hi,
I have an AdmissionController which is running successfully and prevents some pods from getting instantiated, checking on the prescribed conditions by:
admissionReview := v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: "Unauthorized Pod. Denying request.",
},
},
}
But the Pod gets stuck in Terminated Status and never goes away. I also have a process that monitors for stuck pods and cleans up. It tries to delete these Terminated Pods using deleteNamespacedPod. The Api call works fine, but the Pod lingers on without getting deleted. Is the AdmissionController denial a finalizer that is holding back the Pod from getting deleted ? When I took down the Admission Controller, the clean up process was successfully able to delete the Pod.
Any insights or things I am missing in the AdmissionController ?
I appreciate any help/insights in this issue.
Thanks a lot,
-Sreeni