actions/actions-runner-controller
1
0
Fork 0
mirror of https://github.com/actions/actions-runner-controller.git synced 2025-12-10 19:50:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix admissionWebHooks.caBundle template formatting (#2049)

Browse Source 
* Use quote on caBundle values for the webhook deployment

* Drop unrecognized --log-format arg on the manager container

* Update custom cert docs with the default san/secret names

* Revert "Drop unrecognized --log-format arg on the manager container"

This reverts commit d76dd67317.
This commit is contained in:
Alex Grand
2022-11-26 17:46:33 -07:00
committed by GitHub
parent 95c324b550
commit 877c93c5c3
2 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
charts/actions-runner-controller/templates/webhook_configs.yaml
View File

@@ -53,7 +53,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@@ -83,7 +83,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@@ -113,7 +113,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@@ -156,7 +156,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@@ -186,7 +186,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}
@@ -216,7 +216,7 @@ webhooks:
{{- end }}
clientConfig:
{{- if .Values.admissionWebHooks.caBundle }}
caBundle: {{ .Values.admissionWebHooks.caBundle }}
caBundle: {{ quote .Values.admissionWebHooks.caBundle }}
{{- else if not .Values.certManagerEnabled }}
caBundle: {{ $ca.Cert | b64enc | quote }}
{{- end }}

6
docs/detailed-docs.md
View File

@@ -1699,8 +1699,8 @@ There are two methods of deploying without cert-manager, you can generate your o
Assuming you are installing in the default namespace, ensure your certificate has SANs:
* `webhook-service.actions-runner-system.svc`
* `webhook-service.actions-runner-system.svc.cluster.local`
* `actions-runner-controller-webhook.actions-runner-system.svc`
* `actions-runner-controller-webhook.actions-runner-system.svc.cluster.local`
It is possible to use a self-signed certificate by following a guide like
[this one](https://mariadb.com/docs/security/encryption/in-transit/create-self-signed-certificates-keys-openssl/)
@@ -1709,7 +1709,7 @@ using `openssl`.
Install your certificate as a TLS secret:
```shell
$ kubectl create secret tls webhook-server-cert \
$ kubectl create secret tls actions-runner-controller-serving-cert \
-n actions-runner-system \
--cert=path/to/cert/file \
--key=path/to/key/file