For some reason apiserver doesn't use it CA cert for APISservice
connections, so it requires explicitly setting CA in the `caBundle`
field of APIService object.
After this TLS verification can be enforced.
Depends-On: I50c9df36f3f0f757adcce359beb150d53ef2dc16
Change-Id: I016796751f8ecfb4f0feb69cf4a71379e796177c
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
%define COMPONENT infra-charts
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 25
+%define RPM_MINOR_VERSION 26
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
%define COMPONENT instantiate
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 15
+%define RPM_MINOR_VERSION 16
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}
metadata:
name: v1beta1.custom.metrics.k8s.io
spec:
+ caBundle: "{{ .Values.prometheus.ca_bundle }}"
service:
name: custom-metrics-apiserver
namespace: kube-system
group: custom.metrics.k8s.io
version: v1beta1
- insecureSkipTLSVerify: true
+ insecureSkipTLSVerify: false
groupPriorityMinimum: 100
versionPriority: 100
{{ end }}
container_version: {{ container_image_names | select('search', '/custom_metrics') | list | last | regex_replace('.*:([\\w\\-_\\.]+)$', '\\1') }}
server_cert: {{ metrics_cert_b64 }}
server_key: {{ metrics_cert_key_b64 }}
+ ca_bundle: {{ webhooks_ca }}
svcwatcher:
required: true
Code Review / ta / caas-install.git / commitdiff