public_git
/
actions-runner-controller
mirror of https://github.com/actions-runner-controller/actions-runner-controller.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix `admissionWebHooks.caBundle` template formatting (#2049) 

* Use quote on caBundle values for the webhook deployment

* Drop unrecognized --log-format arg on the manager container

* Update custom cert docs with the default san/secret names

* Revert "Drop unrecognized --log-format arg on the manager container"

This reverts commit d76dd67317.
This commit is contained in:
Alex Grand 2022-11-26 17:46:33 -07:00 committed by GitHub
parent 95c324b550
commit 877c93c5c3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
charts/actions-runner-controller/templates/webhook_configs.yaml
View File

@ -53,7 +53,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@ -83,7 +83,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@ -113,7 +113,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@ -156,7 +156,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@ -186,7 +186,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@ -216,7 +216,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}

6
docs/detailed-docs.md
View File

@ -1699,8 +1699,8 @@ There are two methods of deploying without cert-manager, you can generate your o
Assuming you are installing in the default namespace, ensure your certificate has SANs:
* `webhook-service.actions-runner-system.svc`
* `webhook-service.actions-runner-system.svc.cluster.local`
* `actions-runner-controller-webhook.actions-runner-system.svc`
* `actions-runner-controller-webhook.actions-runner-system.svc.cluster.local`
It is possible to use a self-signed certificate by following a guide like
[this one](https://mariadb.com/docs/security/encryption/in-transit/create-self-signed-certificates-keys-openssl/)
@ -1709,7 +1709,7 @@ using `openssl`.
Install your certificate as a TLS secret:
```shell
$ kubectl create secret tls webhook-server-cert \
$ kubectl create secret tls actions-runner-controller-serving-cert \
-n actions-runner-system \
--cert=path/to/cert/file \
--key=path/to/key/file