Static manifest with-rbac-webhook.yaml busted
#1034
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
|
Also, this static manifest doesn't create the namespace. I had to create it manually. Looks like it is created as part of the non webhook static manifests. |
|
Hey Joe,
Thanks for the issue! This is definitely something not quite documented
clearly enough. The webhook manifests should be taken as *additive* as
opposed to a replacement for the normal ones.
We really should clear this up though and expand our README to instruct
people what to do, step by step.
Additionally, I think you *may* (at least in kubernetes pre 1.12 or maybe
even 1.13) hit issues with validation of the 'spec.caBundle' field on the
ValidatingWebhookConfiguration with the webhook - I think we already have
an issue tracking this, but I'm on mobile right now so not able to check!
It can be resolved with '--validate=false' on the kubectl create command
(disabling client side validation!)
Hope that helps, we'll get this triaged and improved ASAP though as the
webhook is a new piece and I am super keen to gather feedback on it!
…On Thu, 1 Nov 2018 at 22:54, Joe Beda ***@***.***> wrote:
Also, this static manifest doesn't create the namespace. I had to create
it manually. Looks like it *is* created as part of the non webhook static
manifests.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1034 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAMbP1gscO0sXVH1LhB_6pOxAAdG6dfrks5uq3u9gaJpZM4YJ8zh>
.
|
|
Ah! That makes more sense then. It is cool for sure and I'll have to try it out some time soon. Very meta to have cert-manager create a cert so that it can talk to k8s. |
|
Yep - the way it's setup right now is a little shakey. We use a CronJob/Job resource that copies the certificate into the ValidatingWebhookConfiguration and APIService resources... I'm hoping we can come up with a better way to handle this soon, but wanted to unblock the validation work and get it out in some form to gather feedback 😄 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug:
The non-helm version that installs the webhook fails as it doesn't define the CRDs. They don't appear to be included in the manifest.
Expected behaviour:
I would expect the yaml to be applied cleanly.
Steps to reproduce the bug:
You'll get some errors like this:
Anything else we need to know?:
Environment details::
k8s v1.11.2
/kind bug
The text was updated successfully, but these errors were encountered: