Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CONTP-356] feat(admission server): implement ValidatingAdmissionWebhook #28512

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

[CONTP-356] feat(admission server): implement ValidatingAdmissionWebhook #28512

wants to merge 12 commits into from
+1,501 −598

Conversation

wdhif
Copy link
Member

@wdhif wdhif commented Aug 16, 2024
edited
Loading

What does this PR do?

This PR implements ValidatingAdmissionWebhook in the Cluster Agent.

Motivation

Support for ValidatingAdmissionWebhook is needed for future Cluster Agent features.

Additional Notes

This PR also refactors heavily the Admission Controller to avoid code duplication between ValidatingAdmissionWebhook and MutatingAdmissionWebhook.

Describe how to test/QA your changes

QA was done by using a custom version of this PR that contains a basic Validation Webhook called alwaysadmit that works the same way as this default webhook. Note that I've sometime modified this webhook to actually also be an alwaysdeny webhook for testing purposes. It will not be a part of the Datadog Agent.

I also used this custom branch of the Operator that give the Cluster Agent the correct RBACs to be able to create, edit and delete the Validation Admission Webhooks. This will be merged and done for the Datadog Helm Charts too.

Without the correct RBACs for ValidatingWebhookConfigurations

➜ k exec -it deployments/datadog-cluster-agent -- agent status
[...]
====================
Admission Controller
====================

    Webhooks info
    -------------

      ValidatingWebhookConfigurations name: datadog-webhook
      Error: validatingwebhookconfigurations.admissionregistration.k8s.io "datadog-webhook" is forbidden: User "system:serviceaccount:default:datadog-cluster-agent" cannot get resource "validatingwebhookconfigurations" in API group "admissionregistration.k8s.io" at the cluster scope


      MutatingWebhookConfigurations name: datadog-webhook
      Created at: 2024-09-02 09:28:31 +0000 UTC
      ---------
        Name: datadog.webhook.agent.config
        CA bundle digest: 3d87ba8d81bd3bac
        Object selector: &LabelSelector{MatchLabels:map[string]string{},MatchExpressions:[]LabelSelectorRequirement{LabelSelectorRequirement{Key:admission.datadoghq.com/enabled,Operator:NotIn,Values:[false],},},}
        Rule 1: Operations: [CREATE] - APIGroups: [] - APIVersions: [v1] - Resources: [pods]
        Service: default/datadog-admission-controller - Port: 443 - Path: /injectconfig
      ---------
        Name: datadog.webhook.lib.injection
        CA bundle digest: 3d87ba8d81bd3bac
        Object selector: &LabelSelector{MatchLabels:map[string]string{},MatchExpressions:[]LabelSelectorRequirement{LabelSelectorRequirement{Key:admission.datadoghq.com/enabled,Operator:NotIn,Values:[false],},},}
        Rule 1: Operations: [CREATE] - APIGroups: [] - APIVersions: [v1] - Resources: [pods]
        Service: default/datadog-admission-controller - Port: 443 - Path: /injectlib
      ---------
        Name: datadog.webhook.standard.tags
        CA bundle digest: 3d87ba8d81bd3bac
        Object selector: &LabelSelector{MatchLabels:map[string]string{},MatchExpressions:[]LabelSelectorRequirement{LabelSelectorRequirement{Key:admission.datadoghq.com/enabled,Operator:NotIn,Values:[false],},},}
        Rule 1: Operations: [CREATE] - APIGroups: [] - APIVersions: [v1] - Resources: [pods]
        Service: default/datadog-admission-controller - Port: 443 - Path: /injecttags

The MutatingAdmissionWebhook still works as expected but the ValidatingAdmissionWebhook are disabled.

➜ k logs deployments/datadog-cluster-agent | grep "couldn't sync informer"
2024-09-02 09:28:31 UTC | CLUSTER | WARN | (pkg/util/kubernetes/apiserver/util.go:44 in func1) | couldn't sync informer admissionregistration.k8s.io/v1/validatingwebhookconfigurations in 5.001327878s (kube_cache_sync_timeout_seconds: 5s)
2024-09-02 09:28:31 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/controllers/webhook/controller_v1.go:86 in NewControllerV1) | Disabling validation webhook controller: couldn't sync informer admissionregistration.k8s.io/v1/validatingwebhookconfigurations in 5.001327878s
2024-09-02 09:28:36 UTC | CLUSTER | WARN | (pkg/util/kubernetes/apiserver/util.go:44 in func1) | couldn't sync informer admissionregistration.k8s.io/v1/validatingwebhookconfigurations in 5.001771294s (kube_cache_sync_timeout_seconds: 5s)
2024-09-02 09:28:36 UTC | CLUSTER | WARN | (subcommands/start/command.go:483 in start) | Admission controller started with errors: couldn't sync informer admissionregistration.k8s.io/v1/validatingwebhookconfigurations in 5.001771294s

With the correct RBACs for ValidatingWebhookConfigurations

With both ValidatingAdmissionWebhook and MutatingAdmissionWebhook disabled.

    Webhooks info
    -------------

      ValidatingWebhookConfigurations name: datadog-webhook
      Created at: 2024-08-27 09:03:49 +0000 UTC

      MutatingWebhookConfigurations name: datadog-webhook
      Created at: 2024-08-27 09:03:49 +0000 UTC

By default or with it enabled:

      ValidatingWebhookConfigurations name: datadog-webhook
      Created at: 2024-08-27 09:03:49 +0000 UTC
      ---------
        Name: datadog.webhook.always.admit
[...]
      MutatingWebhookConfigurations name: datadog-webhook
      Created at: 2024-08-27 09:03:49 +0000 UTC
      ---------
        Name: datadog.webhook.agent.config
[...]
      ---------
        Name: datadog.webhook.lib.injection
[...]
      ---------
        Name: datadog.webhook.standard.tags
[...]

➜ k describe validatingwebhookconfigurations.admissionregistration.k8s.io datadog-webhook | grep datadog.webhook.
  Name:            datadog.webhook.always.admit
➜ k describe mutatingwebhookconfigurations.admissionregistration.k8s.io datadog-webhook | grep datadog.webhook.
  Name:            datadog.webhook.agent.config
  Name:            datadog.webhook.standard.tags
  Name:            datadog.webhook.lib.injection

When alwaysadmit returns true and log a specific message:

➜ k apply -f workloads/nginx.yaml
deployment.apps/nginx created
➜ k get pod | grep nginx
nginx-794d7f6dd5-wx9q6                           1/1     Running   0          66s
➜ k logs deployments/datadog-cluster-agent | grep "Pod validation webhook"
2024-08-27 15:36:03 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always admitting pods

When modifying the Cluster Agent with an alwaysadmit webhook that returns false and log a specific message, and re-deploying the Agent:

➜ k describe replicasets/nginx-794d7f6dd5 | grep -A 3 Events
Events:
  Type     Reason        Age                 From                   Message
  ----     ------        ----                ----                   -------
  Warning  FailedCreate  12s (x14 over 53s)  replicaset-controller  Error creating: admission webhook "datadog.webhook.always.admit" denied the request without explanation
➜ k logs deployments/datadog-cluster-agent | grep "Pod validation webhook"
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:05 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:06 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:06 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:08 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:10 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:15 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:26 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:45:46 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods
2024-08-27 15:46:27 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always refusing pods

When keeping the same behaviour but changing the endpoint of the alwaysadmit webhook to validate webhook updates.
Before

➜ k describe validatingwebhookconfigurations.admissionregistration.k8s.io datadog-webhook
Name:         datadog-webhook
[...]
API Version:  admissionregistration.k8s.io/v1
Kind:         ValidatingWebhookConfiguration
Metadata:
  Creation Timestamp:  2024-08-27T15:27:43Z
  Generation:          1
  Resource Version:    1763
  UID:                 fd7e11e6-7bb1-4391-8059-8ce4a71bac60
[...]
    Service:
      Name:        datadog-admission-controller
      Namespace:   system
      Path:        /always-admit
      Port:        443
  Failure Policy:  Ignore
  Match Policy:    Exact
  Name:            datadog.webhook.always.admit

After

➜  datadog-dev git:(main) ✗ k describe validatingwebhookconfigurations.admissionregistration.k8s.io datadog-webhook
Name:         datadog-webhook
[...]
API Version:  admissionregistration.k8s.io/v1
Kind:         ValidatingWebhookConfiguration
Metadata:
  Creation Timestamp:  2024-08-27T15:27:43Z
  Generation:          2
  Resource Version:    4519
  UID:                 fd7e11e6-7bb1-4391-8059-8ce4a71bac60
[...]
    Service:
      Name:        datadog-admission-controller
      Namespace:   system
      Path:        /always-deny
      Port:        443
  Failure Policy:  Ignore
  Match Policy:    Exact
  Name:            datadog.webhook.always.admit

Webhook still works as expected, in this case, by always denying.

➜ k logs deployments/datadog-cluster-agent | grep "Pod validation webhook"
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:40 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:41 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:41 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:43 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods
2024-08-27 16:00:45 UTC | CLUSTER | WARN | (pkg/clusteragent/admission/validate/alwaysadmit/alwaysadmit.go:94 in 1) | Pod validation webhook always_admit is always denies pods

@wdhif wdhif added the team/container-platform The Container Platform Team label Aug 16, 2024
@wdhif wdhif modified the milestones: 7.57.0, 7.58.0 Aug 16, 2024
@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 2 times, most recently from 82bb957 to b88e005 Compare August 16, 2024 14:11
@pr-commenter
Copy link

pr-commenter bot commented Aug 16, 2024
edited
Loading

Regression Detector

Regression Detector Results

Run ID: cf236f87-6a57-43d4-945f-dd7b808ba63b Metrics dashboard Target profiles

Baseline: 456feb4
Comparison: c7d9777

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Fine details of change detection per experiment

perf experiment goal Δ mean % Δ mean % CI trials links
pycheck_lots_of_tags % cpu utilization +2.12 [-0.40, +4.65] 1 Logs
uds_dogstatsd_to_api_cpu % cpu utilization +1.63 [+0.88, +2.39] 1 Logs
otel_to_otel_logs ingress throughput +1.12 [+0.31, +1.93] 1 Logs
tcp_dd_logs_filter_exclude ingress throughput +0.00 [-0.01, +0.01] 1 Logs
uds_dogstatsd_to_api ingress throughput -0.00 [-0.09, +0.08] 1 Logs
file_tree memory utilization -0.18 [-0.26, -0.09] 1 Logs
basic_py_check % cpu utilization -0.28 [-3.04, +2.48] 1 Logs
tcp_syslog_to_blackhole ingress throughput -0.47 [-0.53, -0.42] 1 Logs
idle memory utilization -0.70 [-0.74, -0.65] 1 Logs

Bounds Checks

perf experiment bounds_check_name replicates_passed
idle memory_usage 10/10

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch from b88e005 to 7572022 Compare August 19, 2024 11:28
@wdhif wdhif changed the title Implement ValidatingAdmissionWebhook [CONTP-356] Implement ValidatingAdmissionWebhook Aug 19, 2024
@wdhif wdhif changed the title [CONTP-356] Implement ValidatingAdmissionWebhook [CONTP-356] feat(admission server): implement ValidatingAdmissionWebhook Aug 19, 2024
@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 13 times, most recently from 29a988a to c8ef9f9 Compare August 20, 2024 12:17
@pr-commenter
Copy link

pr-commenter bot commented Aug 20, 2024
edited
Loading

Test changes on VM

Use this command from test-infra-definitions to manually test this PR changes on a VM:

inv create-vm --pipeline-id=45110908 --os-family=ubuntu

Note: This applies to commit c7d9777

@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 5 times, most recently from 97d0dec to 2972b9b Compare August 21, 2024 16:17
davidor
davidor reviewed Sep 4, 2024
View reviewed changes
pkg/clusteragent/admission/controllers/webhook/config.go Outdated Show resolved Hide resolved
pkg/clusteragent/admission/controllers/webhook/controller_base.go Outdated Show resolved Hide resolved
cmd/cluster-agent/subcommands/start/command.go Show resolved Hide resolved
pkg/clusteragent/admission/controllers/webhook/controller_v1.go Outdated

return err
mutatingWebhook, err := c.mutatingWebhooksLister.Get(c.config.getWebhookName())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This err overrides the one for the validating webhooks lister. So, if there was an error for those, we won't return it. Is this intentional?

@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 2 times, most recently from baf7a28 to 15d0cdb Compare September 4, 2024 16:29
@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 5 times, most recently from dd660ed to 3aa0e8c Compare September 5, 2024 09:20
@wdhif wdhif requested a review from davidor September 5, 2024 10:34
mfpierre
mfpierre reviewed Sep 5, 2024
View reviewed changes
pkg/util/kubernetes/apiserver/util.go
@@ -42,7 +52,7 @@ func SyncInformers(informers map[InformerName]cache.SharedInformer, extraWait ti
end := time.Now()
cacheSyncTimeouts.Inc()
log.Warnf("couldn't sync informer %s in %v (kube_cache_sync_timeout_seconds: %v)", name, end.Sub(start), timeoutConfig)
return fmt.Errorf("couldn't sync informer %s in %v", name, end.Sub(start))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any reason to drop the time in the error, because it's in the log above?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it's to allow us to handle the error more easily here:
https://github.com/DataDog/datadog-agent/pull/28512/files#diff-7a585acdf88c85cf7bf7b21828503aa376757b0927f5cd6394f8b44bbd65bebeR474-R481

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When catching the error, it should be possible to catch any SyncInformersError (and only those types of error) what ever the time field is.
Look at this example: https://play.golang.com/p/Zuro7uQFNBH
We’re able to catch ErrorB without having to assume anything about the value of its fields.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but I actually want to only catch SyncInformersError that are specific to the ValidatingWebhooksInformer while at the same time not having to define another error type like SyncValidatingInformersError, as this would also complexify the code of the SyncInformers method.

@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch from 2997203 to d3ab880 Compare September 5, 2024 12:17
@wdhif wdhif modified the milestones: 7.58.0, 7.59.0 Sep 6, 2024
@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch 2 times, most recently from bb8edb5 to 2a2575e Compare September 25, 2024 13:04
wdhif and others added 12 commits September 25, 2024 15:04
@wdhif
chore(admission server): make controller mutating specific
1308982 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
feat(admission server): implement validating webhooks
4bdff4c 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(admission server): allow for missing RBACs
184f15b 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(webhooks): remove uneeded webhookType field
4dedb6c 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif @L3n41c
fix(admission server): remove unneeded webhookType switch.
785df40 
Co-authored-by: Lénaïc Huard <L3n41c@users.noreply.github.com>
@wdhif
fix(admission server): improve validation informer error check
b2e7f14 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(admission server): add comment regarding empty validating webhook…
c85ced3 
… slice

Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(admission server): improve config methods naming
356e074 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(admission server): improve reconcile() error handling
6cf2a4f 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix: fix main rebase
d8ef39b 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix(admission server): improve missing validation RBACs mechanism
54cae7e 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif
fix: rebase on main
c7d9777 
Signed-off-by: Wassim DHIF <wassim.dhif@datadoghq.com>
@wdhif wdhif force-pushed the CONTP-324/wassim.dhif/implement-validating-admission-webhook branch from 2a2575e to c7d9777 Compare September 25, 2024 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mfpierre mfpierre mfpierre approved these changes

@Kyle-Verhoog Kyle-Verhoog Kyle-Verhoog approved these changes

@ogaca-dd ogaca-dd ogaca-dd approved these changes

@L3n41c L3n41c Awaiting requested review from L3n41c

@davidor davidor Awaiting requested review from davidor

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
changelog/no-changelog qa/done Skip QA week as QA was done before merge and regressions are covered by tests team/container-platform The Container Platform Team
Projects
None yet
Milestone
7.59.0
Development

Successfully merging this pull request may close these issues.
6 participants
@wdhif @davidor @L3n41c @mfpierre @Kyle-Verhoog @ogaca-dd