Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.
This is a draft for creating the TLS certificate via the webhook-server code and saving it in a PersistentVolume shared between the webhook-server's pods.
How does it work?
The webhook-server deployment has a PersistentVolume attached to it (deployment.yaml)
upon webhook-server startup, if no certificates are found in the file system, a TLS certificate and CA are created via the code and saved to the PersistentVolume via the file system.
The certificates are read from the volume, and the webhook-server starts listening for requests.
The webhook-server attaches the CA to the ValidatingWebhookConfiguration and enables it to start forwarding requests to the webhook-server
This is a draft for creating the TLS certificate via the webhook-server code and saving it in a PersistentVolume shared between the webhook-server's pods.
How does it work?
webhook-serverdeployment has a PersistentVolume attached to it (deployment.yaml)webhook-serverstartup, if no certificates are found in the file system, a TLS certificate and CA are created via the code and saved to the PersistentVolume via the file system.webhook-serverstarts listening for requests.webhook-serverattaches the CA to theValidatingWebhookConfigurationand enables it to start forwarding requests to thewebhook-server