Today I came across a new little problem: Configuring a MutatingWebhookConfiguration for Nginx ingress controller.
The example looks like this:
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: ingress-nginx-admission
webhooks:
- name: admission.ingress.k8s.io
clientConfig:
service:
name: ingress-nginx-admission
namespace: ingress-nginx
path: /networking/v1/ingresses
caBundle: <CA_BUNDLE> # This should be filled with the base64-encoded certificate of the CA used by your cluster.
rules:
- operations: ["CREATE", "UPDATE"]
apiGroups: ["networking.k8s.io"]
apiVersions: ["v1"]
resources: ["ingresses"]
admissionReviewVersions: ["v1"]
sideEffects: None
See that caBundle thing? The value needed here has to be extracted from your cluster. Here is the command:
$kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}'This outputs something like this, only much longer.
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJWm0vR2V3ZzNzMlF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBeE1qVXhOak14TXpGYUZ3MHpOVEF4TWpNeE5qTTJNekZhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURMWEIwcDZ1VTE4Y3N2Umw1NzFKdSt5Fill that in your yaml and you are set.
Happy coding!
Author Profile
Latest entries
blog11.02.2026ConfDroid Puppet Modules – confdroid_resources- blog11.02.2026ConfDroid Puppet Modules – Puppet
- blog07.02.2026Puppet with Foreman – Host Registration
blog02.02.2026Publishing Pipeline – LinkedIn Support
Categories:
