I'm working on a MutatingWebhook for Kubernetes that will allow me to alter the DNSOptions ndots value for any pod in the system based on an annotation.
I'm writing this because Helm charts and operators often don't include dnsConfig options in their specifications, but they generally allow annotations to be passed through to pods, which lets me change the pod spec dynamically via the MutatingWebhook to apply this fix.
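The annotation-to-patch step described above, as an added sketch that is not this repo's code: it assumes a hypothetical annotation key `example.com/ndots` and hypothetical names (`ndotsPatch`, `option`, `patchOp`), validates the value before trusting it, and keeps any other DNS options the pod already has.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
)

// Hypothetical annotation key; the page does not name the one the project reads.
const ndotsAnnotation = "example.com/ndots"

type option struct {
	Name  string `json:"name"`
	Value string `json:"value,omitempty"`
}
type patchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// ndotsPatch returns the JSON Patch for the admission response, or nil when the
// annotation is absent. existing is the pod's current spec.dnsConfig.options.
func ndotsPatch(annotations map[string]string, hasDNSConfig bool, existing []option) ([]byte, error) {
	raw, ok := annotations[ndotsAnnotation]
	if !ok {
		return nil, nil
	}
	n, err := strconv.Atoi(raw)
	if err != nil || n < 0 || n > 15 { // resolvers cap ndots at 15
		return nil, fmt.Errorf("invalid %s value %q", ndotsAnnotation, raw)
	}
	opts := []option{}
	for _, o := range existing { // keep other options, drop any old ndots
		if o.Name != "ndots" {
			opts = append(opts, o)
		}
	}
	opts = append(opts, option{Name: "ndots", Value: strconv.Itoa(n)})
	if !hasDNSConfig { // the parent object must exist before a child path is added
		return json.Marshal([]patchOp{{"add", "/spec/dnsConfig", map[string]interface{}{"options": opts}}})
	}
	return json.Marshal([]patchOp{{"add", "/spec/dnsConfig/options", opts}})
}

func main() {
	p, err := ndotsPatch(map[string]string{ndotsAnnotation: "2"}, false, nil) // constructed sample input
	fmt.Println(string(p), err)
}
```

Rejecting a malformed value with an error lets the webhook deny or skip the pod rather than write an unvalidated string into its resolver configuration.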
The files in the repo assume you're installing the service as ndots-webhook in the namespace ndots-webhook. If you don't want this, you'll need to edit the files in deploy/ to match your changes. No Helm charts here yet, but I may create some in the future.
- Clone this repo.
- Create a new webhook TLS key pair.

  ```
  service=<my-service-name> namespace=<my-namespace-name> secret=<what-to-name-secret> ./deploy/webhook-create-signed-cert.sh
  ```

  e.g.

  ```
  service=ndots-webhook namespace=ndots-webhook secret=ndots-webhook ./deploy/webhook-create-signed-cert.sh
  ```

- Copy the cert.pem payload out of that secret and put it into ./deploy/mutating_webhook.yaml under caBundle.
- Run `kubectl apply -k .` in the deploy/ folder.
NOTE: I use pod security policies in my Kubernetes cluster. The PSP object might not apply. Just delete it if you don't need it.