Admission Webhook not working

[ghost]

I tried following the instructions to test admission webhooks, but with step testing-the-admission-webhook, nginx pod was created without the expected error [The "" is invalid: : No matched signatures for container image: nginx:1.13].

I further looked at the logs of image-signature-webhook pod and found the exception 2019/01/24 16:17:26 http: TLS handshake error from 192.168.65.3:44394: remote error: tls: bad certificate.

I am trying on minikube instance.

kubectl version

Client Version: version.Info{Major:"1", Minor:"11", GitVersion:"v1.11.2", GitCommit:"bb9ffb1654d4a729bb4cec18ff088eacc153c239", GitTreeState:"clean", BuildDate:"2018-08-07T23:17:28Z", GoVersion:"go1.10.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.11", GitCommit:"637c7e288581ee40ab4ca210618a89a555b6e7e9", GitTreeState:"clean", BuildDate:"2018-11-26T14:25:46Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

- Arvind

[ayltai]

You need to generate a new cert by using ./gen-certs.sh in pki folder.

[argowang]

In addition to that, you need to base64 encode the pki/ca.pem file generated above and replace the caBundle field in kubernetes/validating-webhook-configuration.yaml. I also recommend you change the failurePolicy to Fail for easier debugging.