Generate Certs for Mutation/Validatiion Webhooks #169
Labels
area/security
Issues pertaining to security
good first issue
These are great first issues. If you are looking for a place to start, start here!
kind/design
Proposal discussing new features / fixes and how they should be implemented
kind/feature
New features for Agones
Milestone
Comments
markmandel
added
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Now that we have #101 (Helm) we can use it to generate the cert for the validation and mutation webhook at installation time.
Design
Looks like it should be relatively straight forward, as there is a
genSignedCertfunction built into helm. See examples below.We will need to change the controller so that it pulls the cert that it uses from a generated Secret.
This should be relatively straightforward as it already reads the certs a file , we'll just need to not add them in the Dockerfile and make sure to mount the Secret in the controller deployment
Research
https://github.com/lachie83/internallb-webhook-admission-controller/blob/master/charts/internallb-webhook-admission-controller/templates/admissionregistration.yaml
https://github.com/kubernetes/helm/blob/master/docs/charts_tips_and_tricks.md
http://masterminds.github.io/sprig/crypto.html
The text was updated successfully, but these errors were encountered: