[kong] Admission controller - Bring your own certificates (#381) #385
Conversation
Add the support of providing your own certificate to the admission controller.
Updated README.md
Add end of line.
Co-authored-by: Shane Utt <shane@shaneutt.com>
There was a problem hiding this comment.
Overriding the default generated variable values in the template works around the issues I'd laid out in #252 (comment) (it's always at the default location, so the controller doesn't need to worry about pulling them out of a ConfigMap and loading them into the environment instead), so 🥳
Please change admissionWebhook.certificate.ca.bundle to admissionWebhook.certificate.caBundle. That shouldn't be a nested object unless we need to include other CA bundle parameters, and I don't think we ever will.
Along with that, I believe you need something like this:
clientConfig:
{{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
caBundle: {{ b64enc $caCert }}
{{- else }}
{{- if .Values.ingressController.admissionWebhook.certificate.caBundle }}
caBundle: {{ b64enc .Values.ingressController.admissionWebhook.certificate.caBundle }}
{{- end }}
{{- end }}
Otherwise, it will always try to set a caBundle field (even if the value is nil) when you set a provided certificate, which you don't want if you issued your certificate from the cluster CA. Do you agree?
|
@rainest, yes I agree to your feedback, I will change accordingly. Thanks ! |
Updates from PR review
Update from PR review
Update form PR review
Add the support of providing your own certificate to the admission controller.
What this PR does / why we need it:
Which issue this PR fixes
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
nextbranch and targetsnext, notmain[kong])