42b6b374cf
https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/177-volume-snapshot/tighten-validation-webhook-crd.md 1. Ratcheting validation webhook server image 2. Controller labels invalid objects 3. Unit tests for webhook 4. Deployment README and example deployment method with certs 5. Update top-level README Racheting validation: 1. webhook is strict on create 2. webhook is strict on updates where the existing object passes strict validation 3. webhook is relaxed on updates where the existing object fails strict validation (allows finalizer removal, status update, deletion, etc) Additionally the validating wehook server will perform immutability checks on scenario 2 above.
17 lines
463 B
Bash
Executable File
17 lines
463 B
Bash
Executable File
#!/bin/bash
|
|
# File originally from https://github.com/banzaicloud/admission-webhook-example/blob/blog/deployment/webhook-patch-ca-bundle.sh
|
|
|
|
ROOT=$(cd $(dirname $0)/../../; pwd)
|
|
|
|
set -o errexit
|
|
set -o nounset
|
|
set -o pipefail
|
|
|
|
export CA_BUNDLE=$(kubectl config view --raw -o json | jq -r '.clusters[0].cluster."certificate-authority-data"' | tr -d '"')
|
|
|
|
if command -v envsubst >/dev/null 2>&1; then
|
|
envsubst
|
|
else
|
|
sed -e "s|\${CA_BUNDLE}|${CA_BUNDLE}|g"
|
|
fi
|