Change the webhooks port to 9443 #1249

Merged
merged 2 commits into from
Aug 6, 2020

@babbageclunk babbageclunk commented Aug 5, 2020

Closes #1177

What this PR does / why we need it:
It changes the webhook port on which the operator gets validation requests from 443 to 9443. This means that it doesn't need root privileges, which in turn means the pod can run in more restrictive environments like SCC on OpenShift.

Special notes for your reviewer:
Split out the nasty helm chart churn into a separate PR #1250.

How does this PR make you feel:
Delighted!

If applicable:

  • this PR contains documentation
  • this PR contains tests

ipTags:
additionalProperties:
type: string
type: object
Member

New properties on purpose?

Member Author

ipTags was added in #1246 - it's a map[string]string so I think this is right.

matthchr previously approved these changes Aug 5, 2020
@matthchr matthchr left a comment

lgtm

This enables running the operator in clusters that don't allow pods to
bind ports below 1024 (like OpenShift with SCC on).
@babbageclunk babbageclunk merged commit 2be692d into Azure:master Aug 6, 2020
@babbageclunk babbageclunk deleted the port-9443 branch August 6, 2020 03:00
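
The constraint behind this change, as an added example that is not part of the PR or the operator's code: a small Go check that flags containers declaring ports below 1024 without the NET_BIND_SERVICE capability. The sample pod specs, the container name `manager` and the function name `PrivilegedPorts` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed pod specs (spec.template.spec of a Deployment), not real manifests.
const before = `{"containers":[{"name":"manager","ports":[{"containerPort":443}]}]}`
const after = `{"containers":[{"name":"manager","ports":[{"containerPort":9443}]}]}`

// Only the fields the check reads; encoding/json matches keys case-insensitively.
type podSpec struct {
	Containers []struct {
		Name            string
		Ports           []struct{ ContainerPort int }
		SecurityContext struct {
			Capabilities struct{ Add []string }
		}
	}
}

// PrivilegedPorts lists "container:port" for declared ports below 1024 in
// containers that do not add NET_BIND_SERVICE. Heuristic: containerPort is
// declarative, so the process's real listen address should be checked too.
func PrivilegedPorts(spec string) ([]string, error) {
	var p podSpec
	if err := json.Unmarshal([]byte(spec), &p); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range p.Containers {
		canBind := false
		for _, added := range c.SecurityContext.Capabilities.Add {
			canBind = canBind || added == "NET_BIND_SERVICE"
		}
		for _, port := range c.Ports {
			if port.ContainerPort > 0 && port.ContainerPort < 1024 && !canBind {
				out = append(out, fmt.Sprintf("%s:%d", c.Name, port.ContainerPort))
			}
		}
	}
	return out, nil
}

func main() {
	for _, s := range []string{before, after} {
		fmt.Println(PrivilegedPorts(s))
	}
}
```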

Successfully merging this pull request may close these issues.

Bug: Operator fails to start (port 433) when PodSecurity or SCC is enabled on the cluster