kubectl run -n example-node-helm --rm -it api-test --image=ubuntu -- /bin/bash
wget --debug --header="Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" --ca-certificate=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt -O - https://kubernetes.default.svc/api/v1/namespaces/example-node-helm/pods
- https://github.com/newrelic/k8s-webhook-cert-manager
- https://github.com/kelseyhightower/certificate-init-container/blob/master/deployments/tls-app.yaml
- https://github.com/helm/charts/blob/master/stable/cockroachdb/templates/job.init.yaml
https://github.com/newrelic/k8s-webhook/blob/master/cert/generate_certificate.sh shows how to:
- extract the cert after the CSR was approved
- PEM-encode the cert and store it in a secret
- get the cluster CA bundle and patch that into the webhook, which is a required attribute of an admission webhook config
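
The three steps above as a shell sketch. This is an added example, not code from generate_certificate.sh: the CSR, namespace, secret, key file and webhook names are caller-supplied, and it assumes the service-account CA is the CA that signs approved CSRs.

```shell
#!/bin/sh
# Added example; resource names come from the caller, nothing is copied
# from generate_certificate.sh.
set -eu

# Assumption: the service-account CA (same path as in the wget note) is also
# the CA that signs approved CSRs. Override SA_CA if the cluster signer differs.
SA_CA=${SA_CA:-/var/run/secrets/kubernetes.io/serviceaccount/ca.crt}

# Step 1: wait until the approved CSR carries a certificate, print it as PEM.
fetch_signed_cert() (            # $1 = CSR name
  b64=""; tries=0
  while [ -z "$b64" ] && [ "$tries" -lt 30 ]; do
    b64=$(kubectl get csr "$1" -o jsonpath='{.status.certificate}')
    tries=$((tries + 1))
    [ -n "$b64" ] || sleep 2
  done
  [ -n "$b64" ] || { echo "CSR $1 has no certificate; was it approved?" >&2; exit 1; }
  pem=$(printf '%s' "$b64" | base64 -d)   # status.certificate is base64 of PEM
  case "$pem" in
    "-----BEGIN CERTIFICATE-----"*) printf '%s\n' "$pem" ;;
    *) echo "CSR $1: decoded data is not a PEM certificate" >&2; exit 1 ;;
  esac
)

# Step 2: store the certificate and its private key in a TLS secret.
store_tls_secret() {             # $1 = namespace, $2 = secret, $3 = cert, $4 = key
  kubectl create secret tls "$2" -n "$1" --cert="$3" --key="$4" \
    --dry-run=client -o yaml | kubectl apply -f -
}

# Step 3: JSON patch that sets caBundle on one webhook entry. "add" also
# overwrites an existing value, so it works on first install and on rotation.
cabundle_patch() {               # $1 = base64 CA bundle, $2 = webhook index (default 0)
  printf '[{"op":"add","path":"/webhooks/%s/clientConfig/caBundle","value":"%s"}]' \
    "${2:-0}" "$1"
}

patch_webhook_ca() (             # $1 = MutatingWebhookConfiguration name
  ca=$(base64 < "$SA_CA" | tr -d '\n')    # caBundle must be single-line base64
  kubectl patch mutatingwebhookconfiguration "$1" --type=json -p "$(cabundle_patch "$ca")"
)

# Usage: script CSR NAMESPACE SECRET KEYFILE WEBHOOKCONFIG
if [ "$#" -eq 5 ]; then
  crt=$(mktemp)
  fetch_signed_cert "$1" > "$crt"
  store_tls_secret "$2" "$3" "$crt" "$4"
  patch_webhook_ca "$5"
  rm -f "$crt"
fi
```

The pod running this needs RBAC to get CSRs, create secrets in the namespace and patch the webhook configuration; keep that role scoped to those named resources.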
Need to look at: https://github.com/helm/charts/blob/master/stable/stash/templates/mutating-webhook-configuration.yaml