kubebuilder: debugging webhooks locally



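We already have a working kubebuilder controller, and now we need to create a webhook,

I followed the tutorial https://book.kubebuilder.io/reference/markers/webhook.html and now I want to run & debug it locally, but I am not sure what to do. Is there a simple way to set it up? Any example would be very helpful.

By the way, I have installed cert-manager and applied the following sample YAML, but I am not sure what to do next…

I need the simplest solution that lets me run and debug the webhook locally, just as I already do with the controller (before using webhooks),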

https://book.kubebuilder.io/cronjob-tutorial/running.html

Cert-manager

I created the following in the cluster:

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: example-com
  namespace: test
spec:
  # Secret names are always required.
  secretName: example-com-tls
  # secretTemplate is optional. If set, these annotations and labels will be
  # copied to the Secret named example-com-tls. These labels and annotations will
  # be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
  # is also enforced, so relevant label and annotation changes on the Secret by a
  # third party will be overwritten by cert-manager to match the secretTemplate.
  secretTemplate:
    annotations:
      my-secret-annotation-1: "foo"
      my-secret-annotation-2: "bar"
    labels:
      my-secret-label: foo
  duration: 2160h # 90d
  renewBefore: 360h # 15d
  subject:
    organizations:
      - jetstack
  # The use of the common name field has been deprecated since 2000 and is
  # discouraged from being used.
  commonName: example.com
  isCA: false
  privateKey:
    algorithm: RSA
    encoding: PKCS1
    size: 2048
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
    - example.com
    - www.example.com
  uris:
    - spiffe://cluster.local/ns/sandbox/sa/example
  ipAddresses:
    - 192.168.0.5
  # Issuer references are always required.
  issuerRef:
    name: ca-issuer
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    # This is optional since cert-manager will default to this value however
    # if you are using an external issuer, change this to that issuer group.
    group: cert-manager.io

I am still not sure how to sync this with kubebuilder so that it works locally

When I run the operator in debug mode, I get the following error:

setup problem running manager {"error": "open /var/folders/vh/_418c55133sgjrwr7n0d7bl40000gn/T/k8s-webhook-server/serving-certs/tls.crt: no such file or directory"}

What I need is the simplest way to run webhooks locally

Let me walk you through it from the start.

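  1. Create the webhook as described in the CronJob tutorial - kubebuilder create webhook --group batch --version v1 --kind CronJob --defaulting --programmatic-validation. This will create a webhook for implementing the defaulting logic and the validating logic.

  2. Implement the logic as instructed - Implementing defaulting/validating webhooks

  3. Install cert-manager. I find the easiest way to install it is with this command - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml
  4. Edit the config/default/kustomization.yaml file and uncomment everything that has [WEBHOOK] or [CERTMANAGER] in its comments. Do the same for the config/crd/kustomization.yaml file.
  5. Build your image locally using - make docker-build IMG=<some-registry>/<project-name>:tag. You don't need to docker-push your image to a remote repository now. If you are using a kind cluster, you can load your local image directly into the specified kind cluster: kind load docker-image <your-image-name>:tag --name <your-kind-cluster-name>
  6. Now you can deploy it to your cluster with - make deploy IMG=<some-registry>/<project-name>:tag.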

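You can also run the cluster locally using the make run command. But that is a little tricky if you have enabled webhooks. I would suggest you run your cluster using a KIND cluster in this way. Here, you don't need to worry about injecting certificates. Cert-manager will do that for you. You can check out the /config/certmanager folder to see how this works.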
