Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow webhook cert directory to be overridden #2476

Merged
merged 2 commits into from
Jan 29, 2020
Merged

Allow webhook cert directory to be overridden #2476

merged 2 commits into from
Jan 29, 2020

Conversation

sebgl
Copy link
Contributor

@sebgl sebgl commented Jan 28, 2020

Set a new --webhook-cert-dir flag that allows overriding the path to
the webhook certificates, most likely mounted from a Secret.

It's intended to be used this way:

args: ["manager", "--operator-roles", "all",
"--webhook-cert-dir=/tmp/whatever"]

(or by overriding the equivalent environment variable)

And the corresponding secret mount:

volumeMounts:
  - mountPath: /tmp/whatever
    name: cert
    readOnly: true

Fixes #2463.

@sebgl
Allow webhook cert directory path to be overridden
689361a 
Set a new `--webhook-cert-dir` flag that allows overriding the path to
the webhook certificates, most likely mounted from a Secret.

It's intended to be used this way:

```
args: ["manager", "--operator-roles", "all",
"--webhook-cert-dir=/tmp/whatever"]
```

(or by overriding the equivalent environment variable)

And the corresponding secret mount:

```
volumeMounts:
  - mountPath: /tmp/whatever
    name: cert
    readOnly: true
```
@sebgl sebgl added >enhancement Enhancement of existing functionality v1.1.0 labels Jan 28, 2020
@sebgl sebgl changed the title Allow webhook cert directory path to be overridden Allow webhook cert directory to be overridden Jan 28, 2020
@sebgl sebgl mentioned this pull request Jan 28, 2020
Closed
thbkrkr
thbkrkr reviewed Jan 28, 2020
View reviewed changes
anyasabo
anyasabo reviewed Jan 28, 2020
View reviewed changes
docs/operator-config.asciidoc
@@ -26,7 +26,8 @@ ECK can be configured using either command line flags or environment variables.
|operator-namespace |"" |Namespace the operator runs in. Required.
|operator-roles |all |Roles this operator should assume. Valid values are `namespace`, `global`, `webhook` or `all`. Accepts multiple comma separated values.
|webhook-pods-label |"" |Label used to select pods running the webhook server.
|webhook-secret |"" | Kubernetes secret containing the webhook certificates.
|webhook-secret |"" | K8s secret mounted into the path designated by webhook-cert-dir to be used for webhook certificates.
|webhook-cert-dir |"{TempDir}/k8s-webhook-server/serving-certs" |Path to the directory that contains the webhook server key and certificate.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was curious if the leading space differences in the last item (| K8s secret mounted vs |Path to the directory) changes how it renders. It looks like it does not so I don't think we need to be nitpicky here

@sebgl sebgl merged commit c3c0755 into elastic:master Jan 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thbkrkr thbkrkr thbkrkr approved these changes

@anyasabo anyasabo anyasabo approved these changes

Assignees
No one assigned
Labels
>enhancement Enhancement of existing functionality v1.1.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add the --cert-dir flag to change the directory for Webhook certificate.
3 participants
@sebgl @thbkrkr @anyasabo