sriov-network-operator icon indicating copy to clipboard operation
sriov-network-operator copied to clipboard

Published 20 hours ago verified publisher icon k8snetworkplumbingwg

Request: Option to use self signed webhooks when using "make deploy-setup-k8s"

Open oshoval opened this issue 3 years ago • 0 comments

We are using make deploy-setup-k8s Until now we used sriov-operator 4.4 and created a self signed CaBundles, and then patched the 3 webhooks to have the CaBundles: validatingwebhookconfiguration sriov-operator-webhook-config mutatingwebhookconfiguration sriov-operator-webhook-config mutatingwebhookconfiguration network-resources-injector-config All went fine.

When we tried to use sriov-operator version 4.8, we saw that the CaBundle is removed after a minute or two. The reason is that it has now a owner which reconcile it https://github.com/openshift/sriov-network-operator/blob/49045c36efb9136813f049b9977fe2b93c0a46c0/controllers/sriovoperatorconfig_controller.go#L146

Even if we tried to inject the CaBundle to the configmap in the code above, the configmap as well was reconciled.

It will be great to have please a method that will allow us to use self signed certs on k8s installation, without the need to disable the webhook.

Thanks

/cc @zshi-redhat

oshoval avatar Dec 14 '20 14:12 oshoval