admission to get tls certificate from kubeconfig, if tls config not defined in command line #152
Conversation
…efined in command line
|
@sivanzcw Have you tried whether the admission service can work with the default kubeconfig certificate? |
|
@TommyLike Certificate of default kubeconfig like admin.conf does not contain the credit for 'volcano-admission-service.default.svc' service of admission webhook. If default admin.conf kubeconfig is used, the admission can access the apiserver normally, but the apiserver callback webhook service will be authentication failed, because the service address was not trusted. The TLS certificate in the kubeconfig file that is attached to the admission needs to be a certificate that has been trusted for the service of admission webhook. If certificate in volcano-admission-secret is configured to kubeconfig, the admission can work normally. |
|
/lgtm |
volcano-sh-bot
added
approved
admission to get tls certificate from kubeconfig, if tls config not defined in command line
Admission to obtain the cluster tls authentication certificate, firstly try to get from the tls config defined by command line, if not, try to obtain from the cluster's kubeconfig.