add webhook - fixes #10 #13
Do you have any CI?
Yeah, that's a good call. We also use CircleCI so that's an option. I'll look into it.
I'll be getting to this soon. The holidays in the US have delayed my availability but should be getting it fully reviewed and able to merge soon. Thanks for your patience @davidkarlsen
Looks good. I'll merge this once the refactor merge is in
I wonder if the ca-bundle is really needed: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#webhook-configuration, "URL": "Here is an example of a mutating webhook configured to call a URL (and expects the TLS certificate to be verified using system trust roots, so does not specify a caBundle):"
86dcb55 to 5cafb15
I'll get a fresh squashed PR which passes DCO once the other one is merged...
Signed-off-by: David J. M. Karlsen <[email protected]>
5cafb15 to fc9cced
Signed-off-by: David J. M. Karlsen <[email protected]>
OK - clean patch applied.
@zhill did you have a chance to look at this? Does it work OOTB w/o any caBundle?
@zhill ?
I've done some very initial testing that it does install OOTB w/o caBundle, but need further testing to ensure it works as expected. I'll try to get to that later tonight so we can get this resolved soon. Thanks @davidkarlsen !
I'm going to go ahead and merge this. I'm seeing some issues with the apiservice selection but I think that is not part of this change since it is set up in the init-ca script run during the install init-ca job.
Ah - init-ca - we set out to fix that in #9. But is that really needed?
OK, found a good description here: https://github.com/elithrar/admission-control#generating-tls-certificates
And also https://www.scottguymer.co.uk/post/kubernetes-mutating-webhook-configuration/, let's fix this in #9
Signed-off-by: David J. M. Karlsen [email protected]
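The caBundle question raised in this thread, as an added example that is not part of the PR or the project's code: a small check over a webhook configuration's `clientConfig` that follows the Kubernetes documentation linked above (no `caBundle` means the API server verifies the webhook certificate against its system trust roots). The webhook names, namespace, service name and URL in the sample are constructed.

```python
import base64
import json

# Constructed sample: one webhook calls an external URL, one an in-cluster service.
SAMPLE = json.loads("""
{
  "apiVersion": "admissionregistration.k8s.io/v1",
  "kind": "ValidatingWebhookConfiguration",
  "metadata": {"name": "example-webhooks"},
  "webhooks": [
    {"name": "url.example.com",
     "clientConfig": {"url": "https://hooks.example.com/validate"}},
    {"name": "svc.example.com",
     "clientConfig": {"service": {"namespace": "example-ns", "name": "example-svc"}}}
  ]
}
""")

def check_client_config(webhook):
    """Return a list of findings for one webhook's clientConfig."""
    cfg = webhook.get("clientConfig", {})
    findings = []
    if ("url" in cfg) == ("service" in cfg):
        findings.append("exactly one of url or service must be set")
    if "url" in cfg and not cfg["url"].startswith("https://"):
        findings.append("url must use https")
    bundle = cfg.get("caBundle")
    if bundle:
        # In a manifest the field carries base64-encoded PEM certificates.
        try:
            pem = base64.b64decode(bundle, validate=True)
        except ValueError:
            pem = b""
        if b"-----BEGIN CERTIFICATE-----" not in pem:
            findings.append("caBundle is not base64-encoded PEM")
    elif "service" in cfg:
        # Without caBundle the API server falls back to its system trust roots,
        # which normally do not include a cluster-internal CA for <name>.<ns>.svc.
        svc = cfg["service"]
        findings.append("no caBundle: certificate for %s.%s.svc must chain to "
                        "the API server's system trust roots"
                        % (svc.get("name"), svc.get("namespace")))
    return findings

def audit(config):
    """Map webhook name -> findings for every webhook in a configuration."""
    return {w["name"]: check_client_config(w) for w in config.get("webhooks", [])}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "ok")
```

An install that succeeds without `caBundle` only shows the object was accepted; the trust decision happens later, when the API server calls the webhook.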