Open JordanP opened 2 weeks ago
I think the key part to reproduce this is caBundle
of webhook.clientConfig.service
needs to be an empty string.
(the CNPG operator has some logic to fill in that caBundle if it detects it's empty and will generate a self-signed certificate)
Description
I try to create a CustomResource, for which there's a
validating_webhook_configuration
. When Ikubectl apply
I getSteps to Reproduce
CoreOS, Typhoon 1.31. I am trying to deploy a CNPG cluster. The installation of the CRDs and Operator works fine, but when I try to create the following resource:
I get this
Expected behavior
I should be able to create that resource.
Environment
+ provider registry.terraform.io/hashicorp/google v6.2.0 + provider registry.terraform.io/hashicorp/kubernetes v2.32.0
Possible Solution It seems the cert volumes (/etc/ssl/certs seems to be a symlink to /etc/pki) are mounted in the kube-api-server:
so it should work, but I am not sure it actually works.