search

kelseyhightower / denyenv-validating-admission-webhook

An Kubernetes validating admission webhook that rejects pods that use environment variables.
Apache License 2.0
156 stars 25 forks source link

Invoking Cloud Functions from GKE #7

Open pankajmt opened 4 years ago

pankajmt commented 4 years ago

Hello,

Do you know how would this work now given Cloud Functions are authenticated? I see "Your client does not have permission to get URL /denyenv?timeout=30s from this server." in the kubernetes get events log. Going by https://cloud.google.com/functions/docs/securing/authenticating#function-to-function, I need to pass in an Authorization Header and not sure how would I do that in a ValidatingWebhookConfiguration.

Spotted one typo on the README. The manifest field is webhooks: and not webHooks: May be it changed between versions.

Many thanks, Pankaj

pankajmt commented 4 years ago

Do not think GKE would expose this - https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers.