Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

connectInject enabled | caBundle can not be empty #213

Closed
ljmsc opened this issue Aug 8, 2019 · 2 comments · Fixed by #260
Closed

connectInject enabled | caBundle can not be empty #213

ljmsc opened this issue Aug 8, 2019 · 2 comments · Fixed by #260
Assignees
@lkysow
Labels
area/connect Related to Connect, e.g. injection bug Something isn't working size/small Small amount of work (<1 day) waiting-on-response Waiting on the issue creator for a response before taking further action

Comments

@ljmsc
Copy link
Contributor

ljmsc commented Aug 8, 2019

when I want to use connectInject I have to set the caBundle parameter even if the secretName is null but the documentation says otherwise.

connectInject:
  enabled: true
  default: false
  certs:
    # secretName is the name of the secret that has the TLS certificate and
    # private key to serve the injector webhook. If this is null, then the
    # injector will default to its automatic management mode that will assign
    # a service account to the injector to generate its own certificates.
    secretName: null

    # caBundle is a base64-encoded PEM-encoded certificate bundle for the
    # CA that signed the TLS certificate that the webhook serves. This must
    # be set if secretName is non-null.
    caBundle: ""

The error response is the following:

Error: error validating "": error validating data: ValidationError(MutatingWebhookConfiguration.webhooks[0].clientConfig): missing required field "caBundle" in io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig
@evanluc
Copy link

evanluc commented Aug 12, 2019

Also hitting this issue

@lkysow lkysow added the bug Something isn't working label Aug 14, 2019
@lkysow lkysow added area/connect Related to Connect, e.g. injection size/small Small amount of work (<1 day) labels Sep 17, 2019
@lkysow lkysow self-assigned this Oct 17, 2019
@lkysow
Copy link
Member

lkysow commented Oct 17, 2019

Hi @ljmsc and @evanluc what are your outputs of helm version and kubectl version? I can't repro this myself (on versions v2.14.2 and 1.13.1 respectively).

@lkysow lkysow added the waiting-on-response Waiting on the issue creator for a response before taking further action label Oct 17, 2019
lkysow added a commit that referenced this issue Oct 17, 2019
@lkysow
Ensure caBundle is set to string
1b64403 
Without this change, we output:
      caBundle:
when .Values.connectInject.certs.caBundle is empty instead of
      caBundle: ""

I can't reproduce the issue (#213) however I'm guessing this may be the
cause if Kubernetes is treating this as null instead of the empty
string.
@lkysow lkysow mentioned this issue Oct 17, 2019
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@lkysow lkysow

Labels
area/connect Related to Connect, e.g. injection bug Something isn't working size/small Small amount of work (<1 day) waiting-on-response Waiting on the issue creator for a response before taking further action
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure caBundle is set to string hashicorp/consul-helm
3 participants
@lkysow @evanluc @ljmsc