mirror of https://github.com/kyverno/kyverno.git synced 2024-12-15 17:51:20 +00:00

Merge branch 'master' into 65_CLI_unmarshall_resource

shuting 2019-05-30 11:30:04 -07:00
commit 2eadf0af6d
4 changed files with 3 additions and 2 deletions


@ -38,7 +38,7 @@ cli-dirs:
image: image:
docker build -t $(REPO):$(IMAGE_TAG) . docker build -t $(REPO):$(IMAGE_TAG) .
# docker tag $(REPO):$(IMAGE_TAG) $(REPO):latest docker tag $(REPO):$(IMAGE_TAG) $(REPO):latest
push: push:
docker push $(REPO):$(IMAGE_TAG) docker push $(REPO):$(IMAGE_TAG)
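Review bot: The `docker tag $(REPO):$(IMAGE_TAG) $(REPO):latest` step in `image` (active in the right-hand column, which looks like the new side) adds a mutable `latest` tag, while `push` in the same hunk still pushes only `$(REPO):$(IMAGE_TAG)`, so `latest` stays local and can diverge from what is in the registry. If `latest` is only a local convenience, a comment above the line would say so: `# local convenience tag only; not pushed - deploy by $(IMAGE_TAG) or digest`. If it is meant to be published, `push` needs a matching `docker push $(REPO):latest`, and manifests should still pin the versioned tag or a digest so that a retag cannot silently change what runs. Whether `image` and `push` are listed in `.PHONY` is not visible from this hunk.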


@ -44,7 +44,7 @@ Kyverno installs an admission webhook that requires a CA-signed certificate and
## Use self-signed certificates ## Use self-signed certificates
To create a root CA, generate signed certificate and key using openssl: To create a root CA, generate signed certificate and key using openssl:
1. `openssl genrsa -out rootCA.key 4096` 1. `openssl genrsa -out rootCA.key 4096`
2. `openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj "/C=US/ST=test/L=test /O=test /OU=PIB/CN=*.kyverno.svc/emailAddress=test@test.com` 2. `openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj "/C=US/ST=test/L=test /O=test /OU=PIB/CN=*.kyverno.svc/emailAddress=test@test.com"`
3. `openssl genrsa -out webhook.key 4096` 3. `openssl genrsa -out webhook.key 4096`
4. `openssl req -new -key webhook.key -out webhook.csr -subj "/C=US/ST=test /L=test /O=test /OU=PIB/CN=kyverno-svc.kyverno.svc/emailAddress=test@test.com"` 4. `openssl req -new -key webhook.key -out webhook.csr -subj "/C=US/ST=test /L=test /O=test /OU=PIB/CN=kyverno-svc.kyverno.svc/emailAddress=test@test.com"`
5. `openssl x509 -req -in webhook.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out webhook.crt -days 1024 -sha256` 5. `openssl x509 -req -in webhook.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out webhook.crt -days 1024 -sha256`
@ -59,6 +59,7 @@ To create the required secrets:
2. `kubectl -n kyverno create secret tls kyverno-svc.kyverno.svc.kyverno-tls-pair --cert=webhook.crt --key=webhook.key ` 2. `kubectl -n kyverno create secret tls kyverno-svc.kyverno.svc.kyverno-tls-pair --cert=webhook.crt --key=webhook.key `
3. `kubectl annotate secret kyverno-svc.kyverno.svc.kyverno-tls-pair -n kyverno self-signed-cert=true` 3. `kubectl annotate secret kyverno-svc.kyverno.svc.kyverno-tls-pair -n kyverno self-signed-cert=true`
4. `kubectl -n kyverno create secret generic kyverno-svc.kyverno.svc.kyverno-tls-ca --from-file=rootCA.crt` 4. `kubectl -n kyverno create secret generic kyverno-svc.kyverno.svc.kyverno-tls-ca --from-file=rootCA.crt`
*The annotation on the TLS pair secret is used by Kyverno to identify the use of self-signed certificates and checks for the required root CA secret* *The annotation on the TLS pair secret is used by Kyverno to identify the use of self-signed certificates and checks for the required root CA secret*
Secret | Data | Content Secret | Data | Content