-
Notifications
You must be signed in to change notification settings - Fork 327
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(kuma-cp) validate ca on k8s #485
Conversation
4c91a54
to
e377c0f
Compare
@@ -210,3 +210,27 @@ webhooks: | |||
- dataplanes | |||
- meshes | |||
- proxytemplates | |||
--- | |||
apiVersion: admissionregistration.k8s.io/v1beta1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's avoid a separate validating web hook for this.
It's an internal implementation detail that we use different components that contribute to overall validation.
We could use a "composite" handler to encapsulate this.
pkg/plugins/runtime/k8s/plugin.go
Outdated
return err | ||
} | ||
func addValidators(mgr kube_ctrl.Manager, rt core_runtime.Runtime) error { | ||
handler := k8s_webhooks.NewValidatingWebhook(k8s_resources.DefaultConverter(), core_registry.Global(), k8s_registry.Global()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's wrap this handler into a "composite" handler (aggregate over a list of handlers).
"composite" handler goes over a list and calls Handle
until the first denied response.
The list of handlers will consist of this one and the new Mesh-specific one.
ff4822a
to
4d68095
Compare
e377c0f
to
182f186
Compare
Summary
Wire mesh validator on K8S