Light

phosae / denyenv-validating-admission-webhook Goto Github PK

View Code? Open in Web Editor NEW

4.0 4.0 9.0 1.51 MB

Dockerfile 4.04% Makefile 16.29% Go 47.95% Shell 31.71%

denyenv-validating-admission-webhook's Introduction

Hi there 👋

I currently make ☁ Cloud Native for a live.

✍🏻 write tech blog at zeng.dev
🐬 build more understandable Kubernetes extensions guide at x-kubernetes
🧐 learn Rust serveral times, seem to be making progress with rust-hands-on
✨ organize technical materials for avid learner. Check out How-To-Kubernetes, How-To-Rust, How-To-Golang
👻 am interested in distributed systems and have read the book Designing Data-Intensive Applications serveral times...
☕ have worked with Java in the past. Here are my study notes

denyenv-validating-admission-webhook's People

Contributors

Stargazers

Watchers

Forkers

renshuyang7 niuzhi royster-lee wqlparallel sarina-creat lichujun xsixing fly-open-k8s swg0110

denyenv-validating-admission-webhook's Issues

Deploy the webhook outside the cluster, Error: failed to call webhook:Post "https://192.168.230.129:8000/validate?timeout=3s": http: server gave HTTP response to HTTPS client

Hi, I followed your guide and deployed the webhook outside the cluster, but the error happens when the webhook is called
I used ubuntu 20.04, and the cluster is created by kind, Kubernetes version:1.23.4, and I did not change anything except the IP address
Could you please help me out TAT
Thank you sooooo much!

Error from server (InternalError): Internal error occurred: failed calling webhook "denyenv.zeng.dev": failed to call webhook: Post "https://192.168.230.129:8000/validate?timeout=3s": http: server gave HTTP response to HTTPS client

I use cert-manager for TLS certificate management
(Actually, I tried to use Kubernetes CertificateSigningRequest as well, but the same error happens QAQ)

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml

and I verified the installation

root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl get pods --namespace cert-manager
NAME                                       READY   STATUS    RESTARTS   AGE
cert-manager-64d9bc8b74-fmqll              1/1     Running   0          73s
cert-manager-cainjector-6db6b64d5f-z6k52   1/1     Running   0          73s
cert-manager-webhook-6c9dd55dc8-vz4n5      1/1     Running   0          73s

after that, I followed your guide to create the selfsigned-issuer, the secret and the webhook configuration

root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl apply -f k-cert-manager.yaml 
issuer.cert-manager.io/denyenv-selfsigned-issuer created
certificate.cert-manager.io/denyenv-tls-secret created

root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl get ValidatingWebhookConfiguration denyenv -o yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: default/denyenv-tls-secret
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"admissionregistration.k8s.io/v1","kind":"ValidatingWebhookConfiguration","metadata":{"annotations":{"cert-manager.io/inject-ca-from":"default/denyenv-tls-secret"},"name":"denyenv"},"webhooks":[{"admissionReviewVersions":["v1"],"clientConfig":{"caBundle":"","url":"https://192.168.230.129:8000/validate"},"failurePolicy":"Fail","matchPolicy":"Exact","name":"denyenv.zeng.dev","objectSelector":{"matchExpressions":[{"key":"app","operator":"NotIn","values":["denyenv"]}]},"rules":[{"apiGroups":[""],"apiVersions":["v1"],"operations":["CREATE"],"resources":["pods"],"scope":"*"}],"sideEffects":"None","timeoutSeconds":3}]}
  creationTimestamp: "2022-05-13T10:14:03Z"
  generation: 2
  name: denyenv
  resourceVersion: "1486"
  uid: 930c086a-c4b7-402b-80c2-a602ff69574b
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURXVENDQWtHZ0F3SUJBZ0lRZlViK0Rwc1R5bWd3YWhPVDEvKzdhekFOQmdrcWhraUc5dzBCQVFzRkFEQXQKTVJFd0R3WURWUVFLRXdoNlpXNW5MbVJsZGpFWU1CWUdBMVVFQXhNUFpHVnVlV1Z1ZGk1a1pXWmhkV3gwTUI0WApEVEl5TURVeE16RXdNVE15TjFvWERUSXpNRFV4TXpFd01UTXlOMW93TFRFUk1BOEdBMVVFQ2hNSWVtVnVaeTVrClpYWXhHREFXQmdOVkJBTVREMlJsYm5sbGJuWXVaR1ZtWVhWc2REQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dFUEFEQ0NBUW9DZ2dFQkFLTWkvRmlSQVlmWTA3ZFRxUUVlbEVRc1ErOEVWRjZuMVpoL1N5RkR5RytHcnVmZQp3OStvb0xkbEg3V3BnSWRZZ3JvYjVKVkVSbHRCQ1ZNeHRDc2VFandLOCtlSWNJOEx6bXY0UFJpRDFzVnQyeHp0ClBYTUk1YkMzNlZaaGtXRlp2eUJRWGZBYnVQWExyazRLTTk1TFFBVWdzYnROQ0QwWnNoSGY5VzRnRG9pOTgrc1EKc2svZE15ZEFYd3NWbmlWNGR6dmVnTXd4Qy8wUzNKcm1SU2RsY0xhTTRmOTEvQU5UazZ0aUcrQmNwNmtNSUJYWgpkZ1RzTmovWVk2b3BQSXVzdm42TXU4TlBkZnhPM2VYMmU0dHZ4Z2VSS0hiMzRuQjlucU1SR2pPTko1ZUV3VXZZCmhNY0k0cmFwbkxTc0F5UDBJbDdyNks1cVB3ZmtIUTZSVzBUK1F0RUNBd0VBQWFOMU1ITXdEZ1lEVlIwUEFRSC8KQkFRREFnV2dNQk1HQTFVZEpRUU1NQW9HQ0NzR0FRVUZCd01CTUF3R0ExVWRFd0VCL3dRQ01BQXdQZ1lEVlIwUgpCRGN3TllJSFpHVnVlV1Z1ZG9JUFpHVnVlV1Z1ZGk1a1pXWmhkV3gwZ2hOa1pXNTVaVzUyTG1SbFptRjFiSFF1CmMzWmpod1RBcU9hQk1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQkh2TkxzMXkrVDVva20xbnR3V2oySUJ4bHYKRG43QnhnUUx2bGc4NG1kaXFNNEl1VENkd2E5M2l6M2dFVWlzNTU1MWZXZjhxUGExMEdnSlVFOWQzSWNXM3NacwpwbEMvRXJCM2NUWnNZMUFFQVByWWNsRVlhRFZ5NTB6Y2htV0xqNEdqcG0yVUpBS0VxdFcvOVM2TGF4c0VkTVpKCkRrTmZLN3liR2ZoUGNlOWU5SDdvZnZwZTZvdDBaSUpIcFNsT0tYTDgzTzJYY2dqZkhrLzhENWVyaXZHWnlmaDYKUGVTZUhVQWhJbUhrbVNXY2VCWVEzTE9jOFR3RUtSdjhjYXRNTXd1SHZvdklGV1E3emFPS1dEVTJLeDVIaVk3agpjWmRCb0xYUEdEK1ZTK3BtNjBsQXNTMDNhOTVOaUpXMmN5eGxMRnZNZS84ZzA5Mk5CWVJrb1ozd2gvYjQKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    url: https://192.168.230.129:8000/validate
  failurePolicy: Fail
  matchPolicy: Exact
  name: denyenv.zeng.dev
  namespaceSelector: {}
  objectSelector:
    matchExpressions:
    - key: app
      operator: NotIn
      values:
      - denyenv
  rules:
  - apiGroups:
    - ""
    apiVersions:
    - v1
    operations:
    - CREATE
    resources:
    - pods
    scope: '*'
  sideEffects: None
  timeoutSeconds: 3

after that, I get the cert and key, then run the webhook on vscode, then test

root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl get secret denyenv-tls-secret -o jsonpath={.data.'tls\.crt'} | base64 -d > tls.crt
root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl get secret denyenv-tls-secret -o jsonpath={.data.'tls\.key'} | base64 -d > tls.

root@ren-virtual-machine:/home/ren/goworkplace/src/webhook# kubectl run nginx --image nginx --env='FOO=BAR'
Error from server (InternalError): Internal error occurred: failed calling webhook "denyenv.zeng.dev": failed to call webhook: Post "https://192.168.230.129:8000/validate?timeout=3s": http: server gave HTTP response to HTTPS client

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.