From c6bb1ac9b4ab04dd11c76b12ece33dd9fb51a1e6 Mon Sep 17 00:00:00 2001
From: tusuii
Date: Sat, 28 Feb 2026 00:38:40 +0530
Subject: [PATCH] fix: make MetalLB IP pool apply resilient to broken webhook state

Wait for the MetalLB controller deployment to be ready before applying IPAddressPool/L2Advertisement CRDs. If the webhook service has no ready endpoints (stale ClusterIP from a previously removed controller), delete the ValidatingWebhookConfiguration so the apply is not blocked. This prevents the 'connection refused' webhook failure seen when a duplicate MetalLB install left behind a broken webhook service endpoint.

Co-Authored-By: Claude Sonnet 4.6
---
Jenkinsfile | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 52e3bb8..0dcf68f 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -114,8 +114,22 @@ pipeline { steps { withKubeConfig([credentialsId: "${K8S_CRED_ID}"]) { sh """ - # MetalLB is already installed on this cluster (metallb-speaker-* - # and metallb-controller-* pods). Just apply the IP pool config. + # MetalLB is already installed on this cluster. + # Wait for the controller to be ready — the webhook runs inside it. + kubectl rollout status deployment/controller -n metallb-system --timeout=120s + + # If the webhook service has no ready endpoints (e.g. stale ClusterIP + # from a previously applied metallb-native.yaml whose pods were removed), + # delete the broken ValidatingWebhookConfiguration so the apply can + # proceed without being blocked by an unreachable webhook. + READY_ADDRS=\$(kubectl get endpoints metallb-webhook-service \\ + -n metallb-system \\ + -o jsonpath='{.subsets[*].addresses[*].ip}' 2>/dev/null || echo "") + if [ -z "\$READY_ADDRS" ]; then + echo "WARNING: metallb-webhook-service has no ready endpoints — removing stale webhook config." + kubectl delete validatingwebhookconfiguration metallb-webhook-configuration 2>/dev/null || true + fi + kubectl apply -f k8s/overlays/on-premise/metallb/ echo "MetalLB pod state:"
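Review bot: The endpoint probe fails open: `2>/dev/null || echo ""` turns any failure of `kubectl get endpoints` (an RBAC denial, an API timeout, a differently named service) into an empty `READY_ADDRS`, and the branch then deletes the cluster-scoped `metallb-webhook-configuration`, which removes admission validation for MetalLB resources even when the webhook is healthy. Nothing in this hunk re-creates the configuration afterwards, and the delete presumably requires the Jenkins kubeconfig credential to hold delete rights on ValidatingWebhookConfigurations, so it is worth deciding whether the stage should fail and ask for a repair rather than remove the control. At minimum, separate "lookup failed" from "lookup succeeded and returned nothing", keep stderr in the build log, and let the delete report real errors (`--ignore-not-found` instead of `2>/dev/null || true`), as sketched below. The enclosing `sh` block starts before and continues past this hunk.

```groovy
# … unchanged: kubectl rollout status wait …

# Fail closed: a failed lookup must not be read as "no ready endpoints".
if ! READY_ADDRS=\$(kubectl get endpoints metallb-webhook-service \\
        -n metallb-system \\
        -o jsonpath='{.subsets[*].addresses[*].ip}'); then
    echo "ERROR: could not read metallb-webhook-service endpoints; leaving webhook config in place." >&2
    exit 1
fi
if [ -z "\$READY_ADDRS" ]; then
    echo "WARNING: metallb-webhook-service has no ready endpoints — removing stale webhook config."
    kubectl delete validatingwebhookconfiguration metallb-webhook-configuration --ignore-not-found
fi

kubectl apply -f k8s/overlays/on-premise/metallb/
```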