Disable cert-manager's webook that validates its CRDs (!1139) · Merge requests · GitLab.org / charts / GitLab Chart

Erik Sundell requested to merge consideRatio/gitlab:avoid-webhook into master Jan 27, 2020

This let us avoids issues like in #1809 (closed) where the k8s apiserver failed to reach the registered webhook, as it would need whenever a cert-manager CRD resource would be entered. A malfunctional registered ApiService is also making helm 2.16.1 and older versions malfunction, and that would be avoided by never letting cert-manager register this k8s api-server webhook.

So, what are the consequences of disabling the webhook? Anyone adding or updating a cert-manager resource of their CRD kind would no longer quickly know if their resource was configured in a sensible manner.

Read more about the cert-manager webhooks here: https://docs.cert-manager.io/en/release-0.10/getting-started/webhook.html

Closes #1809 (closed).

Edited Jan 28, 2020 by Erik Sundell

Disable cert-manager's webook that validates its CRDs

Merge request reports