added possibility to specify webhook port #893
Conversation
added possibility to specify webhook port, because AQUA used earlieir non-standard webhook port - 8443
added possibility to specify webhook port, because AQUA used earlier non-standard webhook port - 8443 get port value from Values.yaml
added possibility to specify webhook port, because AQUA used earlier non-standard webhook port - 8443 set custom port for deployment from Values.yaml. Use named port
added possibility to specify webhook port, because AQUA used earlier non-standard webhook port - 8443 set named port from Deployment in Service
| @@ -81,7 +81,8 @@ spec: | |||
| {{- include "extraSecretEnvironmentVars" .Values | nindent 10 }} | |||
| ports: | |||
| {{- if not .Values.kubeEnforcerAdvance.enable }} | |||
| - containerPort: 8443 | |||
| - containerPort: {{ .Values.ports.tlsContainerPort }} | |||
| name: https | |||
| {{- else }} | |||
| - containerPort: 8449 | |||
There was a problem hiding this comment.
what about taking these defaults out to the values.yaml?
There was a problem hiding this comment.
I exactly suggested move these values to values.yaml =)
There was a problem hiding this comment.
are we talking about ports 8449 and 8442 in the else statement?
There was a problem hiding this comment.
maybe same change should be made also in else statement (if kubeEnforcerAdvance "enable" true).
current PR focus on "regular" KE mode.
and i don't know, why is used port 8449 insted of smth else in KE Advence mode
There was a problem hiding this comment.
Hello @ultramaxim
From the below output, we can see the "kubeenforceradvance.enable" section updated to "containerPort: {{ .Values.ports.tlsContainerPort }}".
So, We need to enable the kube enforcer advance section in the values.yaml highlighted below to set the port values to be changed as per requirement.
Please let us know if you agree with this.
Regards,
Srikanth Reddy
There was a problem hiding this comment.
hello, but the if statement (line 83) contains boolean operation NOT (if NOT .values.kubeEnforcerAdvance.enable)
thats why my settings will not in kubeEnforcerAdvance section in values.yaml
| @@ -81,7 +81,8 @@ spec: | |||
| {{- include "extraSecretEnvironmentVars" .Values | nindent 10 }} | |||
| ports: | |||
| {{- if not .Values.kubeEnforcerAdvance.enable }} | |||
| - containerPort: 8443 | |||
| - containerPort: {{ .Values.ports.tlsContainerPort }} | |||
| name: https | |||
| {{- else }} | |||
| - containerPort: 8449 | |||
There was a problem hiding this comment.
are we talking about ports 8449 and 8442 in the else statement?
Hello, i offer to add possibility specify webhook port, because AQUA used earlier non-standard webhook port - 8443
see for example https://github.com/kubernetes-sigs/controller-runtime/blob/main/pkg/webhook/server.go#L39
there is 9443 default port for webhook.