Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.
This is a draft for creating the TLS certificate via the webhook-server code and saving it in a PersistentVolume shared between the webhook-server's pods.
How does it work?
The webhook-server deployment has a PersistentVolume attached to it (deployment.yaml).
Upon webhook-server startup, if no certificates are found in the file system, a TLS certificate and CA are created via the code and saved to the PersistentVolume via the file system.
The certificates are read from the volume, and the webhook-server starts listening for requests.
The webhook-server attaches the CA to the ValidatingWebhookConfiguration and enables it to start forwarding requests to the webhook-server.
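The startup flow above, sketched in Go as an added example (not Datree's own code). It goes one step further and assumes several pods may start at once on the shared volume, so the files are staged and then published with a single rename. The `certs` directory, file names, validity periods and DNS name are assumptions.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// ensureCerts returns the CA PEM from root/certs, creating a CA and a serving cert on first start.
func ensureCerts(root, dnsName string) ([]byte, error) {
	final, now := filepath.Join(root, "certs"), time.Now()
	if ca, err := os.ReadFile(filepath.Join(final, "ca.crt")); err == nil {
		return ca, nil // already published by an earlier start or by another pod
	}
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "webhook-ca"}, NotBefore: now, NotAfter: now.AddDate(5, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srvT := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{dnsName}, NotBefore: now, NotAfter: now.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caKey, e1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvKey, e2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmp, e3 := os.MkdirTemp(root, ".certs-") // staging directory on the same volume
	defer os.RemoveAll(tmp)                  // no-op if MkdirTemp failed or tmp was renamed
	if err := errors.Join(e1, e2, e3); err != nil {
		return nil, err
	}
	caDER, e1 := x509.CreateCertificate(rand.Reader, caT, caT, &caKey.PublicKey, caKey)
	srvDER, e2 := x509.CreateCertificate(rand.Reader, srvT, caT, &srvKey.PublicKey, caKey)
	keyDER, e3 := x509.MarshalECPrivateKey(srvKey) // only this key is stored; the CA key is dropped
	if err := errors.Join(e1, e2, e3); err != nil {
		return nil, err
	}
	for name, b := range map[string]*pem.Block{"ca.crt": {Type: "CERTIFICATE", Bytes: caDER},
		"tls.crt": {Type: "CERTIFICATE", Bytes: srvDER}, "tls.key": {Type: "EC PRIVATE KEY", Bytes: keyDER}} {
		if err := os.WriteFile(filepath.Join(tmp, name), pem.EncodeToMemory(b), 0o600); err != nil {
			return nil, err
		}
	}
	_ = os.Rename(tmp, final) // atomic publish; fails harmlessly if another pod renamed first
	return os.ReadFile(filepath.Join(final, "ca.crt"))
}
func main() { // os.TempDir() stands in for the PersistentVolume mount path
	if _, err := ensureCerts(os.TempDir(), "webhook.example.svc"); err != nil {
		panic(err)
	}
}
```

The returned PEM is the CA that would be attached to the ValidatingWebhookConfiguration; a pod that loses the rename simply reads and serves the winner's files.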