Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support users setting their own CA for webhook receiver <-> kube api-server communication #20

Open
stuartnelson3 opened this issue May 23, 2022 · 1 comment
Open

support users setting their own CA for webhook receiver <-> kube api-server communication #20

stuartnelson3 opened this issue May 23, 2022 · 1 comment

Comments

@stuartnelson3
Copy link
Contributor

Currently, the helm chart is generating a self-signed cert for securing communication on install:

https://github.com/elastic/apm-mutating-webhook/blob/main/apm-agent-auto-attach/templates/webhook.yaml#L16-L20

Users may want to bring their own certs for communication; look into supporting this.
@axw
Copy link
Member

axw commented May 30, 2022

Repeating a comment I made on Slack for posterity: I would push back on this unless there's a strong reason to BYO certs. What's implemented is nicely automated by Helm, and is secure.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@axw @stuartnelson3