Skip to content
This repository was archived by the owner on Oct 28, 2024. It is now read-only.

🐛 use self-signed certificate for the virtualcluster webhook server #145

Merged
merged 1 commit into from
Jun 24, 2021
Merged

🐛 use self-signed certificate for the virtualcluster webhook server #145

merged 1 commit into from
Jun 24, 2021

Conversation

charleszheng44
Copy link
Contributor

What this PR does / why we need it:

Use a self-signed certificate for the virtual cluster webhook. See issue #125 for more details.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
fixes #125

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 24, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: charleszheng44

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 24, 2021
@charleszheng44
Copy link
Contributor Author

@vincent-pli The VC should be able to run on Kind after this PR is merged.

@christopherhein
@Fei-Guo

@christopherhein
Copy link
Contributor

@charleszheng44 do you think VC should be managing these resources for the user? or should we be prescribing that the operator use cert-manager or manage their cluster certificates themselves?

I know cert-manager itself did a lot of cludgy work just to enable this type of seamless setup process for auto-deploying their own certs and it was fairly painful to write and maintain. It feels like we could make this easier with just supplying configs to use cert manager auto-injection and then we could rip out all this setup code and expect that if they aren't using cert-manager that they have an existing flow for certs and thus can just use that path.

@christopherhein
Copy link
Contributor

Code looks fine otherwise more just commenting on the overall approach.

@charleszheng44
Copy link
Contributor Author

@christopherhein I prefer using cert-manager to manage all certifications. But do you think it would be an overkill to deploy cert-manager to just manage the certification for the webhook server. Or we can use the cert-manager to manage all certifications for VC control plane components. However, I think we will use the CAPN to replace the VC native mode, and maybe we should import the cert-manager by then? We can use the cert-manager to manage certifications for all components (i.e., CAPN control plane components and VC webhook servers).

@christopherhein
Copy link
Contributor

@charleszheng44 mmk, that seems like a reasonable approach instead.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 24, 2021
@k8s-ci-robot k8s-ci-robot merged commit d7e67fd into kubernetes-retired:main Jun 24, 2021
@vincent-pli vincent-pli mentioned this pull request Jul 7, 2021
Merged
@jinsongo jinsongo mentioned this pull request Jul 8, 2021
Closed
@crazywill crazywill mentioned this pull request Sep 13, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@christopherhein christopherhein Awaiting requested review from christopherhein

@Fei-Guo Fei-Guo Awaiting requested review from Fei-Guo

Assignees

@christopherhein christopherhein

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 Webhook caBundle issues for Virtual Cluster
3 participants
@charleszheng44 @k8s-ci-robot @christopherhein