From 3f19f95fca8b7f5d89637aba06e177d23c5a02ba Mon Sep 17 00:00:00 2001 From: Przemyslaw Lal Date: Wed, 22 Aug 2018 15:14:27 +0100 Subject: [PATCH] Add documentation for validating admission webhook Signed-off-by: Przemyslaw Lal --- doc/webhook/webhook.md | 105 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) create mode 100644 doc/webhook/webhook.md diff --git a/doc/webhook/webhook.md b/doc/webhook/webhook.md new file mode 100644 index 000000000..8c89ad9bc --- /dev/null +++ b/doc/webhook/webhook.md @@ -0,0 +1,105 @@ +# Validating admission webhook + +## Building Docker image + +From the root directory of Multus execute: +``` +cd webhook +./build +``` + +## Deploying webhook application + +Change working directory. From the root directory of Multus execute: +``` +cd deployment/webhook +``` + +Create key and certificate pair and patch configuration-template.yaml file with base64-encoded certificate file. Run: +``` +./certs.sh +``` +*Note: Script generates private key and certificate signing request, which is then pushed to the Kubernetes API server. Next, script approves that CSR and API server issues the certificate. Certificate is obtained from the API server and used to create a secret. Script also patches `configuration-template.yaml` file with base64-encoded certificate and creates `configuration.yaml` file containing Validating Webhook Configuration specification, which is deployed in the next steps. +Certificates API needs to be enabled in order to generate certificate signed by cluster CA. More information available [here](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/).* + +Create service: +``` +kubectl create -f service.yaml +``` + +Run pod: +``` +kubectl create -f pod.yaml +``` + +Create Validating Webhook Configuration: +``` +kubectl create -f configuration.yaml +``` + +## Verifying installation + +Try to create invalid Network Attachment Definition resource: +``` +cat <
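Review bot: The note under "Deploying webhook application" says `./certs.sh` pushes a CSR, approves it itself and then creates a secret, but the steps never state what the caller needs for that to succeed. Please add a prerequisites line before `./certs.sh` saying that the current kubectl context must be allowed to create and approve certificate signing requests and to create secrets. Please also name the secret and the namespace the script writes to, so the reader can confirm it exists before running `kubectl create -f pod.yaml`. The note says the script generates a private key but not where that key ends up; state whether it stays on local disk after the secret is created and whether it should be removed. Two smaller points in the same note: the italic span opens on one line and closes on the next, which some renderers will not treat as a single emphasized block, so a blockquote or a "Note:" paragraph would be safer, and the link text "[here]" would read better as the title of the linked Kubernetes page.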