search

morvencao / kube-sidecar-injector

A Kubernetes mutating webhook server that implements sidecar injection
Apache License 2.0
628 stars 454 forks source link

kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml error #8

Closed zjcbit closed 4 years ago

zjcbit commented 5 years ago 
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml
error: error validating "deployment/mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false.
----
cat deployment/mutatingwebhook-ca-bundle.yaml
 caBundle: [45 45 45 45 45....... 69 45 45 45 45 45 10]
zjcbit commented 5 years ago 
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml
error: error validating "deployment/mutatingwebhook-ca-bundle.yaml": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig.caBundle): invalid type for io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig.caBundle: got "array", expected "string"; if you choose to ignore these errors, turn validation off with --validate=false.
morvencao commented 4 years ago

@zjcbit Sorry for late response. Please check if the caBundle is patched correctly in deployment/mutatingwebhook-ca-bundle.yaml.

The ca is retrieved from kubeconfig file, but sometimes kubeconfig may does't contain ca data, just contains token. In that case, please get ca from the secret for default serviceaccount from default namespace.

export CA_BUNDLE=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.ca\.crt}")