Skip to content

Instantly share code, notes, and snippets.

@zpratt

zpratt/webhook-notes.md

Last active December 9, 2019 06:59
Show Gist options
  • Save zpratt/a50203750afd3e2d81bd44e737603f63 to your computer and use it in GitHub Desktop.
Save zpratt/a50203750afd3e2d81bd44e737603f63 to your computer and use it in GitHub Desktop.
Download ZIP
messing with webhooks
Raw
webhook-notes.md

example of invoking the api-server from a pod

  • kubectl run -n example-node-helm --rm -it api-test --image=ubuntu -- /bin/bash
  • wget --debug --header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt -O - https://kubernetes.default.svc/api/v1/namespaces/example-node-helm/pods

references

other notes

https://github.com/newrelic/k8s-webhook/blob/master/cert/generate_certificate.sh shows how to:

  1. extract the cert after the CSR was approved
  2. pem encode the cert and store it in a secret
  3. get the cluster ca bundle and patch that into the webhook, which is a required attribute of a admission webhook config
@zpratt
Copy link
Author

zpratt commented Dec 9, 2019

Need to look at: https://github.com/helm/charts/blob/master/stable/stash/templates/mutating-webhook-configuration.yaml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment