Kubernetes with the admissionregistration.k8s.io/v1beta1 API enabled. Verify that by the following command:
kubectl api-versions | grep admissionregistration.k8s.io/v1beta1
The result should be:
admissionregistration.k8s.io/v1beta1
In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.
- Create a signed cert/key pair and store it in a Kubernetes
secretthat will be consumed by operator deployment
./create-signed-cert.sh --service grafana-admission-webhook --secret grafana-webhook-cert --namespace grafana
- Patch the
ValidatingWebhookConfigurationby setcaBundlewith correct value from Kubernetes cluster
cat validatingwebhook.yaml | \
./patch-ca-bundle.sh > \
validatingwebhook-ca-bundle.yaml
- Deploy resources
kubectl delete -f operator.yml
kubectl create -f operator.yml
kubectl create -f validatingwebhook-ca-bundle.yaml
kubectl create -f service.yaml