Skip to content

webhook: use cert-manager for self-signed cert#28

Merged
jtriley merged 1 commit intomainfrom
assign-class-label-tls
Nov 19, 2025
Merged

webhook: use cert-manager for self-signed cert#28
jtriley merged 1 commit intomainfrom
assign-class-label-tls

Conversation

@jtriley
Copy link
Contributor

@jtriley jtriley commented Nov 14, 2025
edited
Loading

This patch uses the cert-manager operator to automatically generate the self-signed CA, cert, and key and mount it within the webhook deployment. It also uses cert-manager to inject the CA cert into the mutatatingwebhookconfiguration.

In theory this should allow us to fully automate the webhook deployment via argocd. Currently testing this on ocp-test.

larsks
larsks reviewed Nov 14, 2025
View reviewed changes
@jtriley jtriley marked this pull request as ready for review November 16, 2025 18:23
@jtriley
Copy link
Contributor Author

jtriley commented Nov 16, 2025

This is active on ocp-test and, as far as I can tell, it's still functioning as intended. I added myself to the cs210 group and launched a notebook and the notebook pod got assigned the class label.

IsaiahStapleton
IsaiahStapleton approved these changes Nov 18, 2025
View reviewed changes
Copy link
Collaborator

@IsaiahStapleton IsaiahStapleton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, tested and working

@jtriley jtriley force-pushed the assign-class-label-tls branch 2 times, most recently from f90e1df to 8637510 Compare November 19, 2025 17:09
@jtriley
Copy link
Contributor Author

jtriley commented Nov 19, 2025

@IsaiahStapleton I just updated the README to remove the instructions about generating certificates given that this will fix that issue. Mind taking another look? Thanks!

@jtriley
webhook: use cert-manager for self-signed cert
03f0cda 
This patch uses the cert-manager operator to automatically generate the
self-signed CA, cert, and key and mount it within the webhook
deployment. It also uses cert-manager to inject the CA cert into the
mutatatingwebhookconfiguration.
@jtriley jtriley force-pushed the assign-class-label-tls branch from 8637510 to 03f0cda Compare November 19, 2025 17:11
@jtriley jtriley requested a review from larsks November 19, 2025 17:17
@IsaiahStapleton
Copy link
Collaborator

IsaiahStapleton commented Nov 19, 2025

@jtriley Update to the README looks good to me.

@jtriley jtriley merged commit 90b7397 into main Nov 19, 2025
2 checks passed
@jtriley jtriley deleted the assign-class-label-tls branch November 19, 2025 18:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@IsaiahStapleton IsaiahStapleton IsaiahStapleton approved these changes

@computate computate Awaiting requested review from computate

@DanNiESh DanNiESh Awaiting requested review from DanNiESh

@larsks larsks Awaiting requested review from larsks

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jtriley @IsaiahStapleton @larsks