Describe the bug
With Eventing 1.21, having multiple trust bundles and a sinkbinding binding jobs from a jobsink, the eventing-webhook loses readiness/liveness when jobsink events start producing many pods.
The same scenario works fine with Eventing 1.17.
Expected behavior
Having a sinkbinding with many pods and multiple trust bundles should not cause the eventing-webhook to lose Readiness.
To Reproduce
The easiest way of reproducing is using SinkBinding with a JobSink (as that generates bound pods per each event).
See here for an example: (I'd not trust a random person's images from quay, but if you do, feel free to deploy it :)
https://gist.github.com/maschmid/794f015af1b1766909f480439b84b3b0
and then invoke a sender
curl 'https://sender-<your-cluster-url>/send?type=structured&count=1009'
Knative release version
1.21
same scenario works fine with 1.17
Additional context
The problem seems to be introduced by f88d983. Invoking PropagateTrustBundles in sinkbinding Do means it is being invoked per each sinkbinding-bound resource, not just during sinkbinding reconciliation. As the PropagateTrustBundles synchronously gets and updates ConfigMaps, it may also significantly delay the webhook's admission review of the resources. I believe the PropagateTrustBundles should not belong in the Do at all (it should only be invoked during the SinkBinding reconciliation, not in the Do for each bound resource).