Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

admission to get tls certificate from kubeconfig, if tls config not defined in command line #152

Merged
merged 2 commits into from
May 11, 2019

Conversation

sivanzcw
Copy link
Contributor

Admission to obtain the cluster tls authentication certificate, firstly try to get from the tls config defined by command line, if not, try to obtain from the cluster's kubeconfig.

@TommyLike
Copy link
Contributor

@sivanzcw Have you tried whether the admission service can work with the default kubeconfig certificate?

@sivanzcw
Copy link
Contributor Author

@TommyLike Certificate of default kubeconfig like admin.conf does not contain the credit for 'volcano-admission-service.default.svc' service of admission webhook. If default admin.conf kubeconfig is used, the admission can access the apiserver normally, but the apiserver callback webhook service will be authentication failed, because the service address was not trusted. The TLS certificate in the kubeconfig file that is attached to the admission needs to be a certificate that has been trusted for the service of admission webhook. If certificate in volcano-admission-secret is configured to kubeconfig, the admission can work normally.

@k82cn
Copy link
Member

k82cn commented May 11, 2019

/lgtm
/approve

@volcano-sh-bot volcano-sh-bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels May 11, 2019
@volcano-sh-bot volcano-sh-bot merged commit feabf5a into volcano-sh:master May 11, 2019
kevin-wangzefeng pushed a commit to kevin-wangzefeng/volcano that referenced this pull request Jun 28, 2019
admission to get tls certificate from kubeconfig, if tls config not defined in command line
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants