The only thing you need is to provide valid TLS certificates to the file tailer webhook.

There are three possible ways to do this:

Install with cert-manager 🔗︎

You can install cert-manager with the one-eye command-line tool. The cert-manager is a powerful tool, so we strongly recommend to use it. Complete the following steps.

  1. First, install cert-manager. If cert-manager is already installed on your cluster, you can skip this step and use the existing installation.

    one-eye-cli cert-manager install
    
  2. Install the webhook:

    one-eye-cli tailer-webhook install
    

    If cert-manager is not installed on your cluster, and you haven’t provided the secret and cabundle parameters, the install will fail.

Provide your own secrets 🔗︎

When you have your own certificates set up, you can pass them to the installer to configure file tailer webhook to use them. In this case there is no need to use cert-manager. The required arguments are the following:

one-eye-cli tailer-webhook install --webhook-secret <secret name> --webhook-cabundle <CA bundle>

To create the secret and the CA bundle, complete the following procedure.

  1. Let’s assume you have your own certs generated in /tmp

  2. Make your own secret with your certificates:

    kubectl apply -f - <<EOF
    apiVersion: v1
    kind: Secret
    metadata:
    name: "my-own-certs"
    namespace: ${namespace}
    data:
    tls.crt: $(cat /tmp/tls.crt | base64)
    tls.key: $(cat /tmp/tls.key | base64)
    type: kubernetes.io/tls
    EOF
    
  3. Install the webhook with your secret name and rootCA information provided:

    one-eye-cli tailer-webhook install --namespace ${namespace} --webhook-secret "my-own-certs" --webhook-cabundle "$(cat /tmp/rootCA.pem)"
    

Hints:

  • Certs must allow one-eye-tailer-webhook, one-eye-tailer-webhook.namespace, one-eye-tailer-webhook.namespace.svc.