
Commit 1540f66

committed
enable validation webhook
1 parent 329e03f commit 1540f66


3 files changed

+17
-11
lines changed


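--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -342,6 +342,8 @@ routegroups_validation: "enabled"
 # disabled|enabled ingress validation via skipper webhook
 ingresses_validation: "enabled"
 
+enable_advanced_validation: "false"
+
 # tokeninfo
 {{if eq .Cluster.Environment "production"}}
 # production|bridge|disabled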
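Review bot: The new `enable_advanced_validation` item (new line 345) has no describing comment, unlike `ingresses_validation` just above it, and it takes "true"/"false" where the neighbouring validation items take "enabled"/"disabled". I would add `# "true"|"false": passed to the skipper validation webhook as --enable-advanced-validation` above it, so operators know the accepted values and that the default leaves advanced validation off. The value is substituted verbatim into the flag in the two other files of this commit, so anything other than a boolean literal would presumably fail flag parsing and stop the webhook container from starting.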

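--- a/cluster/manifests/02-skipper-validation-webhook/deployment.yaml
+++ b/cluster/manifests/02-skipper-validation-webhook/deployment.yaml
@@ -1,4 +1,4 @@
-{{- if eq .Cluster.Provider "zalando-eks"}}
+# {{- if eq .Cluster.Provider "zalando-eks"}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -34,10 +34,12 @@ spec:
 - name: skipper-admission-webhook
 image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.142
 args:
-- webhook
-- --address=:9085
-- --tls-cert-file=/etc/tls-certs/skipper-validation-webhook.pem
-- --tls-key-file=/etc/tls-certs/skipper-validation-webhook-key.pem
+- skipper
+- --validation-webhook-enabled=true
+- --validation-webhook-address=:9085
+- --validation-webhook-cert-file=/etc/tls-certs/skipper-validation-webhook.pem
+- --validation-webhook-key-file=/etc/tls-certs/skipper-validation-webhook-key.pem
+- "--enable-advanced-validation={{ .Cluster.ConfigItems.enable_advanced_validation }}"
 lifecycle:
 preStop:
 sleep:
@@ -63,4 +65,4 @@ spec:
 - name: tls-certs
 secret:
 secretName: skipper-validation-webhook-tls-certs
-{{- end }}
+# {{- end }}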
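Review bot: Prefixing the provider guard with `#` on new lines 1 and 68 does not disable it. If these manifests are rendered with Go text/template, as the `{{- if eq .Cluster.Provider "zalando-eks"}}` syntax suggests, the action is still evaluated inside the YAML comment, so the Deployment is still emitted only for `zalando-eks`. If the intent is to run the admission webhook on every provider, delete both lines or turn the guard into a template comment, `{{/* if eq .Cluster.Provider "zalando-eks" */}}`, with the matching `{{/* end */}}`. If the guard is meant to stay, drop the `#` so the file does not read as unconditional. Which clusters actually get Ingress and RouteGroup validation depends on this, so the rendered output for a non-`zalando-eks` cluster is worth checking before merge.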

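--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -260,12 +260,14 @@ write_files:
 name: admission-controller-kubeconfig
 readOnly: true
 - name: skipper-admission-webhook
-image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.127
+image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.142
 args:
-- webhook
-- --address=:9085
-- --tls-cert-file=/etc/kubernetes/ssl/admission-controller.pem
-- --tls-key-file=/etc/kubernetes/ssl/admission-controller-key.pem
+- skipper
+- --validation-webhook-enabled=true
+- --validation-webhook-address=:9085
+- --validation-webhook-cert-file=/etc/kubernetes/ssl/admission-controller.pem
+- --validation-webhook-key-file=/etc/kubernetes/ssl/admission-controller-key.pem
+- "--enable-advanced-validation={{ .Cluster.ConfigItems.enable_advanced_validation }}"
 lifecycle:
 preStop:
 sleep: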
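Review bot: The container now starts the general `skipper` binary instead of the dedicated `webhook` one (new line 265), and nothing in the args limits it to the webhook listener on `:9085`. Skipper normally also opens its proxy and support listeners on default ports, so unless `--validation-webhook-enabled=true` suppresses them, this pod on the master node gains extra listening sockets. Please confirm the behaviour for v0.22.142 and record the result above the args, for example `# full skipper binary: confirm only the :9085 validation-webhook listener is exposed`. The same args appear in `cluster/manifests/02-skipper-validation-webhook/deployment.yaml`. The container spec starts before and continues after the hunk, so its ports and host-network settings are not visible here.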
