I noticed the elastic-webhook-server-cert isn't in my namespace. Do I need to manually create this? Are there instructions for doing this in a single namespace?
I noticed the webhook template is in the all-in-one directory and not in the namespace directory. Does that imply you can't do webhook validations if installed in the namespace?
Also I see the operator template in namespace doesn't open a port for the validating server but all-in-one does so I guess it seems you can't validate your submissions when installing in a namespace. Is this correct?
Hey @data_smith, sorry about that we're currently thinking about making it easier for everyone to customize ECK manifest for deployments in a single namespace. It's work in progress, see this issue.
You will likely have to customize the namespace manifest to create the elastic-webhook-server-cert secret in the right namespace. You also indeed need to override the operator StatefulSet manifest to open the webhook port (9443), similar to how done in the all-in-one manifest.
For anyone curious. I copied what was in the all-in-one statefulset over to the namespace statefulset (create empty cert, mount it, open port, etc). Then I got an error about access to validatingwebhookconfiguration. I got the api group and resource from that error and created a cluster role that gives access to that and then i created a clusterrolebinding to bind that cluster role with the eck service account. I did this on a private network and can't easily move it over to the internet but maybe the description will help you.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.