Is your feature request related to a problem? Describe the feature request.
We're facing admission failures when the notary server for image signatures is overloaded or responding slowly. That is particularly seen, when a resource has multiple container images and each of them should be validated by making a call to the notary. As there is no mechanism for an automatic retry for most of the K8s API requests, we'd like to have the ability to configure the webhook configuration timeout explicitly in order to accommodate for the slow processing of the notary server or any network slowness or hiccups.
Describe the solution that you'd like
We'd like to have a property in the Helm values under the already existingwebhooks section, which could be simply called timeoutSeconds. Then in the webhooks template file teh property would be used for both webhooks. In order to ensure backwards compatibility, the property could be put optionally, if the section webhooks.timeoutSeconds is present. That could be done by a simple if statement provided from Helm.
Describe alternatives you've considered
Not much can be done to configure the timeouts, except explicitly patching the resource after applying to the cluster or doing some modification on the fly with tools like kustomize. Neither of those approaches are feasible under our current automation machinery and moreover seem hacky and unmaintainable.
Is your feature request related to a problem? Describe the feature request.
We're facing admission failures when the notary server for image signatures is overloaded or responding slowly. That is particularly seen, when a resource has multiple container images and each of them should be validated by making a call to the notary. As there is no mechanism for an automatic retry for most of the K8s API requests, we'd like to have the ability to configure the webhook configuration timeout explicitly in order to accommodate for the slow processing of the notary server or any network slowness or hiccups.
Describe the solution that you'd like
We'd like to have a property in the Helm values under the already existing
webhookssection, which could be simply calledtimeoutSeconds. Then in the webhooks template file teh property would be used for both webhooks. In order to ensure backwards compatibility, the property could be put optionally, if the sectionwebhooks.timeoutSecondsis present. That could be done by a simpleifstatement provided from Helm.Describe alternatives you've considered
Not much can be done to configure the timeouts, except explicitly patching the resource after applying to the cluster or doing some modification on the fly with tools like
kustomize. Neither of those approaches are feasible under our current automation machinery and moreover seem hacky and unmaintainable.