Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Relic Webhook Removes restartPolicy from initContainers in CronJob Pods, Preventing Execution #527

Open
Prasad-Telasula opened this issue Mar 9, 2025 · 1 comment
Open

New Relic Webhook Removes restartPolicy from initContainers in CronJob Pods, Preventing Execution #527

Prasad-Telasula opened this issue Mar 9, 2025 · 1 comment
Labels
bug Categorizes issue or PR as related to a bug.

Comments

@Prasad-Telasula
Copy link

Prasad-Telasula commented Mar 9, 2025
edited
Loading

Similar Issue
https://github.com/newrelic/newrelic-infra-operator/issues/218

We are experiencing an issue where the New Relic Infrastructure Operator’s mutating webhook is unexpectedly removing the restartPolicy field from initContainers in pods created by CronJobs.

Although we have disabled sidecar injection, the webhook still modifies the pod spec, causing pods to fail to start properly when executed by CronJobs. This behavior is disruptive as it affects workloads running in AWS EKS Fargate.

Steps to Reproduce

- Deploy a CronJob that contains an initContainer with a restartPolicy set at the Pod level.
- When the CronJob executes, it creates a Job, which then creates a Pod.
- The New Relic webhook removes restartPolicy from initContainers when the Pod is created.
- The Pod fails to start properly, even though no sidecar is injected.
- The issue persists even after applying infra-operator.newrelic.com/disable-injection: "true" to the CronJob.

Example

---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: successful-cron-sidecar
  labels:
    infra-operator.newrelic.com/disable-injection: "true"
spec:
  suspend: false
  schedule: "*/45 * * * *"
  concurrencyPolicy: Replace
  jobTemplate:
    spec:
      ttlSecondsAfterFinished: 120
      template:
        metadata:
          labels: 
            infra-operator.newrelic.com/disable-injection: "true"
        spec:
          restartPolicy: OnFailure
          containers:
          - name: primary
            image: public.ecr.aws/aws-observability/aws-for-fluent-bit:2.19.0
            command:
            - /bin/sh
            - -c
            args:
            - echo "Pretend this is real logic" && sleep 30
          initContainers:
          - name: fluent-bit
            imagePullPolicy: Always
            restartPolicy: Always
            image: public.ecr.aws/aws-observability/aws-for-fluent-bit:2.19.0

Logs
"patch.webhook.admission.k8s.io/round_0_index_5": "{\"configuration\":\"newrelic-bundle-newrelic-infra-operator\",\"webhook\":\"newrelic-infra-operator.newrelic.com\",\"patch\":[{\"op\":\"remove\",\"path\":\"/spec/initContainers/0/restartPolicy\"}],\"patchType\":\"JSONPatch\"}"
@Prasad-Telasula Prasad-Telasula added the bug Categorizes issue or PR as related to a bug. label Mar 9, 2025
@workato-integration
Copy link

https://new-relic.atlassian.net/browse/NR-377227

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Prasad-Telasula