Kubernetes Quickie: Extract the Ca-Bundle

Today I came across a new little problem: Configuring a MutatingWebhookConfiguration for Nginx ingress controller.

The example looks like this:

apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: ingress-nginx-admission
webhooks:
  - name: admission.ingress.k8s.io
    clientConfig:
      service:
        name: ingress-nginx-admission
        namespace: ingress-nginx
        path: /networking/v1/ingresses
      caBundle: <CA_BUNDLE> # This should be filled with the base64-encoded certificate of the CA used by your cluster.
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["networking.k8s.io"]
        apiVersions: ["v1"]
        resources: ["ingresses"]
    admissionReviewVersions: ["v1"]
    sideEffects: None

See that caBundle thing? The value needed here has to be extracted from your cluster. Here is the command:

$kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}'

This outputs something like this, only much longer.

LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJWm0vR2V3ZzNzMlF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TlRBeE1qVXhOak14TXpGYUZ3MHpOVEF4TWpNeE5qTTJNekZhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURMWEIwcDZ1VTE4Y3N2Umw1NzFKdSt5

Fill that in your yaml and you are set.

Happy coding!

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Related Posts

Leave a Reply Cancel reply