estahn / charts

estahn's Helm Chart Repository

Home Page: https://estahn.github.io/charts/

chart should generate caBundle

shaikatz opened this issue

Hi, currently the chart is impossible to install on a production cluster.
The chart should generate a self-signed certificate and provide it as a secret for the container, also the caBundle should be present on the MutatingWebhookConfiguration.

@shaikatz The chart should work as you described. It issues the certificate and creates a secret. I'm running the webhook in our production cluster.

I'm curious why this isn't working in your case. The cert info is applied via Helm Hooks. What installation method are you using? Are you using ArgoCD by any chance?

Oh cool approach, didn't notice that.
I do use ArgoCD, is there any compatibility issue with that?

@shaikatz I personally had a number of issues with ArgoCD prior to 1.7ish I believe. I wasn't able to use webhooks in a number of charts like nginx, prometheus-operator etc. I basically re-use what they have done for webhooks. We're running ArgoCD 1.7.4 atm and these problems seem to be resolved:

https://github.com/argoproj/argo-cd/releases/tag/v1.7.0

I will have a look if I can provide a kustomize version with the cert creation process.

Would it be possible for you to update your ArgoCD version? I'm in the ArgoCD slack channel in case you want to ping me.

I'm using Argo version 1.7.6 so it should be fine.
Actually, after a few resyncs, it works, but the hooks are definitely not working smoothly - there is also no way to let the container know that the secret was changed and it should restart.

I have noticed the helm hook is not working as well as I would like, e.g. a couple of resyncs until it actually works. I will have a look if I can optimize it.

https://github.com/prometheus-community/helm-charts/pull/481/files - that solution looks cool, by using cert manager.

@shaikatz I think this was resolved by #9

Let me know if you still experience this issue.