images/kube-webhook-certgen/rootfs: improvements (#7630)
* images/kube-webhook-certgen/rootfs/README.md: remove trailing whitespace

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs: improve code formatting

  Automatically using gofumpt.

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs: remove executable bits from files

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/cmd: remove unreachable code

  log.Fatal(|f) will already call os.Exit(1), so this code is never reached.

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/pkg/k8s: fix unit tests

  Right now they fail as everything else migrated from using v1beta1 to v1.

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs: create clientset in cmd package

  So one can easily mock the client, without touching unexported parts of the code and to soften the dependency between CLI code (kubeconfig path).

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/cmd: simplify bool logic

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/pkg/k8s: improve formatting

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/pkg/k8s: improve variable names

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/pkg/k8s: refactor a bit

  Move patching logic to separate functions.

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

* images/kube-webhook-certgen/rootfs/pkg/k8s: fix error log messages

  In patchMutating() function, log messages were saying still patching validating webhook.

  Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
parent b3389a1b6f
commit 260910c0a0
8 changed files with 108 additions and 94 deletions
4
images/kube-webhook-certgen/rootfs/README.md
Executable file → Normal file
@ -7,14 +7,14 @@ creators.
## Overview
Generates a CA and leaf certificate with a long (100y) expiration, then patches [Kubernetes Admission Webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)
by setting the `caBundle` field with the generated CA.
by setting the `caBundle` field with the generated CA.
Can optionally patch the hooks `failurePolicy` setting - useful in cases where a single Helm chart needs to provision resources
and hooks at the same time as patching.
The utility works in two parts, optimized to work better with the Helm provisioning process that leverages pre-install and post-install hooks to execute this as a Kubernetes job.
## Security Considerations
This tool may not be adequate in all security environments. If a more complete solution is required, you may want to
This tool may not be adequate in all security environments. If a more complete solution is required, you may want to
seek alternatives such as [jetstack/cert-manager](https://github.com/jetstack/cert-manager)
## Command line options
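Review bot: the Security Considerations paragraph in this hunk still ends at the cert-manager link with no closing period and does not say what makes the tool inadequate in some environments; since this pass already touches that paragraph for trailing whitespace, it could add the period and state the limitation, for example by pointing at the "long (100y) expiration" of the CA and leaf certificate mentioned in the Overview. In the Overview, "Can optionally patch the hooks `failurePolicy` setting" also lacks the possessive apostrophe ("hooks'").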