Additional fix to installer CSR signername and webhook

It seems that including the signerName in RBAC is optional in 1.17 (and before?), but required as of 1.18. Including signerName in the CSR itself, is optional in 1.18 but NOT supported in 1.17 or earlier. Hence, removing signerName from the CSR creation again. This may need to be revisited later.
nokia · May 18, 2020 · 1c705f9 · 1c705f9
1 parent 707cc96
commit 1c705f9
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/integration/manifests/webhook/webhook-create-signed-cert.sh b/integration/manifests/webhook/webhook-create-signed-cert.sh
@@ -86,7 +86,6 @@ spec:
   groups:
   - system:authenticated
   request: $(cat ${tmpdir}/server.csr | base64 | tr -d '\n')
-  signerName: kubernetes.io/legacy-unknown
   usages:
   - digital signature
   - key encipherment

diff --git a/scm/build/Dockerfile b/scm/build/Dockerfile
@@ -32,7 +32,7 @@ RUN scm/build/build.sh \
 # (Intermediate) Stage: Alping base image. Includes common user account and environment
 #                       for netwatcher, svcwatcher, webhook
 #
-FROM alpine:latest AS base-alpine
+FROM alpine:3.11 AS base-alpine
 ARG USERNAME
 ARG UID
 ARG GID
@@ -80,7 +80,7 @@ ENTRYPOINT ["/usr/local/bin/webhook"]
 # Note that unlike the other containers, this needs to run as root as
 # it places CNI plugins into the host's filesystem.
 #
-FROM alpine:latest AS danm-cni-plugins
+FROM alpine:3.11 AS danm-cni-plugins
 
 VOLUME ["/host/cni"]