From 877c93c5c3cc8f805d839df58f9fd96112377f99 Mon Sep 17 00:00:00 2001 From: Alex Grand Date: Sat, 26 Nov 2022 17:46:33 -0700 Subject: [PATCH] Fix `admissionWebHooks.caBundle` template formatting (#2049) * Use quote on caBundle values for the webhook deployment * Drop unrecognized --log-format arg on the manager container * Update custom cert docs with the default san/secret names * Revert "Drop unrecognized --log-format arg on the manager container" This reverts commit d76dd67317713fd70438e25399ca7c9cf8b1ac95. --- .../templates/webhook_configs.yaml | 12 ++++++------ docs/detailed-docs.md | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/actions-runner-controller/templates/webhook_configs.yaml b/charts/actions-runner-controller/templates/webhook_configs.yaml index 2b984b3c..7a71735d 100644 --- a/charts/actions-runner-controller/templates/webhook_configs.yaml +++ b/charts/actions-runner-controller/templates/webhook_configs.yaml @@ -53,7 +53,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} @@ -83,7 +83,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} @@ -113,7 +113,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} @@ -156,7 +156,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} @@ -186,7 +186,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} @@ -216,7 +216,7 @@ webhooks: {{- end }} clientConfig: {{- if .Values.admissionWebHooks.caBundle }} - caBundle: {{ .Values.admissionWebHooks.caBundle }} + caBundle: {{ quote .Values.admissionWebHooks.caBundle }} {{- else if not .Values.certManagerEnabled }} caBundle: {{ $ca.Cert | b64enc | quote }} {{- end }} diff --git a/docs/detailed-docs.md b/docs/detailed-docs.md index 0942a3f7..3560b4dc 100644 --- a/docs/detailed-docs.md +++ b/docs/detailed-docs.md @@ -1699,8 +1699,8 @@ There are two methods of deploying without cert-manager, you can generate your o Assuming you are installing in the default namespace, ensure your certificate has SANs: -* `webhook-service.actions-runner-system.svc` -* `webhook-service.actions-runner-system.svc.cluster.local` +* `actions-runner-controller-webhook.actions-runner-system.svc` +* `actions-runner-controller-webhook.actions-runner-system.svc.cluster.local` It is possible to use a self-signed certificate by following a guide like [this one](https://mariadb.com/docs/security/encryption/in-transit/create-self-signed-certificates-keys-openssl/) @@ -1709,7 +1709,7 @@ using `openssl`. Install your certificate as a TLS secret: ```shell -$ kubectl create secret tls webhook-server-cert \ +$ kubectl create secret tls actions-runner-controller-serving-cert \ -n actions-runner-system \ --cert=path/to/cert/file \ --key=path/to/key/file