kubebuilder 在本地调试 web-hooks
[英]kubebuilder debug web-hooks locally
问题描述
We have a kubebuilder controller which is working as expected, now we need to create a webhooks,
我们有一个按预期工作的 kubebuilder controller,现在我们需要创建一个 webhooks,
I follow the tutorial https://book.kubebuilder.io/reference/markers/webhook.html and now I want to run & debug it locally, however not sure what to do regard the certificate, is there a simple way to create it, any example will be very helpful.我按照教程https://book.kubebuilder.io/reference/markers/webhook.html现在我想在本地运行和调试它,但是不确定如何处理证书,是否有一种简单的方法来创建它,任何示例都会非常有帮助。
BTW i've installed cert-manager and apply the following sample yaml but not sure what to do next...顺便说一句,我已经安装了cert-manager并应用了以下示例 yaml,但不确定下一步该怎么做......
I need the simplest solution that I be able to run and debug the webhook s locally as Im doing already with the controller (Before using webhooks),我需要能够在本地运行和调试webhook的最简单的解决方案,就像我已经使用 controller(在使用 webhook 之前)所做的那样,
https://book.kubebuilder.io/cronjob-tutorial/running.html https://book.kubebuilder.io/cronjob-tutorial/running.html
Cert-manager证书管理器
I've created the following inside my cluster我在集群中创建了以下内容
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: example-com
namespace: test
spec:
# Secret names are always required.
secretName: example-com-tls
# secretTemplate is optional. If set, these annotations and labels will be
# copied to the Secret named example-com-tls. These labels and annotations will
# be re-reconciled if the Certificate's secretTemplate changes. secretTemplate
# is also enforced, so relevant label and annotation changes on the Secret by a
# third party will be overwriten by cert-manager to match the secretTemplate.
secretTemplate:
annotations:
my-secret-annotation-1: "foo"
my-secret-annotation-2: "bar"
labels:
my-secret-label: foo
duration: 2160h # 90d
renewBefore: 360h # 15d
subject:
organizations:
- jetstack
# The use of the common name field has been deprecated since 2000 and is
# discouraged from being used.
commonName: example.com
isCA: false
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
usages:
- server auth
- client auth
# At least one of a DNS Name, URI, or IP address is required.
dnsNames:
- example.com
- www.example.com
uris:
- spiffe://cluster.local/ns/sandbox/sa/example
ipAddresses:
- 192.168.0.5
# Issuer references are always required.
issuerRef:
name: ca-issuer
# We can reference ClusterIssuers by changing the kind here.
# The default value is Issuer (i.e. a locally namespaced Issuer)
kind: Issuer
# This is optional since cert-manager will default to this value however
# if you are using an external issuer, change this to that issuer group.
group: cert-manager.io
Still not sure how to sync it with the kubebuilder to work locally仍然不确定如何将它与 kubebuilder 同步以在本地工作
as when I run the operator in debug mode I got the following error:当我在调试模式下运行运算符时,出现以下错误:
setup problem running manager {"error": "open /var/folders/vh/_418c55133sgjrwr7n0d7bl40000gn/T/k8s-webhook-server/serving-certs/tls.crt: no such file or directory"}
What I need is the simplest way to run webhooks locally我需要的是在本地运行 webhooks 的最简单方法
1 个解决方案
解决方案1
0 2022-12-02 05:04:12
Let me walk you through the process from the start.让我从头开始引导您完成整个过程。
create webhook like it's said in the cronJob tutorial -
kubebuilder create webhook --group batch --version v1 --kind CronJob --defaulting --programmatic-validation.像 cronJob 教程中所说的那样创建 webhook - kubebuilder create webhook --group batch --version v1 --kind CronJob --defaulting --programmatic-validation。 This will create webhooks for implementing defaulting logics and validating logics.这将创建用于实现默认逻辑和验证逻辑的 webhook。Implement the logics as instructed - Implementing defaulting/validating webhooks
按照指示实施逻辑 - 实施默认/验证 webhook
- Install cert-manager.安装证书管理器。 I find the easiest way to install is via this commmand -
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml我发现最简单的安装方法是通过此命令 - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.10.1/cert-manager.yaml - Edit the
config/default/kustomization.yamlfile by uncommenting everything that have [WEBHOOK] or [CERTMANAGER] in their comments.编辑config/default/kustomization.yaml文件,取消注释中包含 [WEBHOOK] 或 [CERTMANAGER] 的所有内容。 Do the same forconfig/crd/kustomization.yamlfile also.对config/crd/kustomization.yaml文件也执行相同的操作。 - Build Your Image locally using -
make docker-build IMG=<some-registry>/<project-name>:tag.使用make docker-build IMG=<some-registry>/<project-name>:tag在本地构建您的镜像。 Now you dont need todocker-pushyour image to remote repository.现在你不需要通过docker-push你的镜像推送到远程仓库。 If you are using kind cluster, You can directly load your local image to your specified kind cluster:kind load docker-image <your-image-name>:tag --name <your-kind-cluster-name>如果你使用的是 kind 集群,你可以直接加载本地镜像到你指定的 kind 集群: kind load docker-image <your-image-name>:tag --name <your-kind-cluster-name> - Now you can deploy it to your cluster by -
make deploy IMG=<some-registry>/<project-name>:tag.现在您可以通过make deploy IMG=<some-registry>/<project-name>:tag将它部署到您的集群。
You can also run cluster locally using make run command.您还可以使用make run命令在本地运行集群。 But, that's a little tricky if you have enabled webooks.但是,如果您启用了网络书,那就有点棘手了。 I would suggest you running your cluster using KIND cluster in this way.我建议您以这种方式使用 KIND 集群运行集群。 Here, you don't need to worry about injecting certificates.在这里,您无需担心注入证书。 cert-manager will do that for you. cert-manager 会为你做到这一点。 You can check out the /config/certmanager folder to figure out how this is functioning.您可以查看/config/certmanager文件夹以弄清楚它是如何工作的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.