You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Kube-fledged installation currently relies on Kubernetes CertificateSigningRequest to generate the server certificate for the webhook server. This creates problems:-
The stable v1 version of CertificateSigningRequest doesn't supports signer kubernetes/legacy-unknown
The supported in-built signers are not usable to generate a server certificate. There's support only for client certificates
On clusters that have only v1 enabled, it is impossible to generate server certificate.
Bash script is used to generate certificate, so installing via GitOps (e.g. ArgoCD) is not fully supported.
The solution is to generate self-signed certificate for the webhook server and add the CA bundle to the validatingwebhookconfiguration, using init container or as init method within the webhook server.
The text was updated successfully, but these errors were encountered:
Kube-fledged installation currently relies on Kubernetes CertificateSigningRequest to generate the server certificate for the webhook server. This creates problems:-
The solution is to generate self-signed certificate for the webhook server and add the CA bundle to the validatingwebhookconfiguration, using init container or as init method within the webhook server.
The text was updated successfully, but these errors were encountered: