How do I deploy a Pod initializer without deadlocking?

2
votes

I created an InitializerConfiguration that adds my initializer for pods.

The documentation says to use a Deployment (https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#configure-initializers-on-the-fly). However, doing so results in my initializer Pod being stuck in "pending" because it's waiting for itself to initialize it. I tried overriding the pending initializers to an empty list in the pod spec of the Deployment, but that seems to be ignored.

What's the correct way to deploy a Pod initializer without deadlocking?

I found a couple bug reports that seem related, but no solutions that worked for me: * https://github.com/kubernetes/kubernetes/issues/51485 (based on this one I added the "initialize" verb for pods to the ClusterRole system:controller:replicaset-controller, but that didn't help either)

1
kubernetes

1 Answers

1
votes

However, doing so results in my initializer Pod being stuck in "pending" because it's waiting for itself to initialize it

But the docs say:

You should first deploy the initializer controller and make sure that it is working properly before creating the initializerConfiguration. Otherwise, any newly created resources will be stuck in an uninitialized state.

So it sounds to me like you will want to kubectl delete initializerConfiguration --all (or, of course, the specific name of the initializerConfiguration), allow your initializer Pod to start successfully, then kubectl create -f my-initializer-config.yaml or whatever.