Kazan v0.7.0 Kazan.Apis.Admissionregistration.V1beta1.WebhookClientConfig View Source
WebhookClientConfig contains the information to make a TLS connection with the webhook
OpenAPI Definition: io.k8s.api.admissionregistration.v1beta1.WebhookClientConfig
Properties
ca_bundle
::String
caBundle
is a PEM encoded CA bundle which will be used to validate the webhook’s server certificate. Required.
service
::Kazan.Apis.Admissionregistration.V1beta1.ServiceReference
service
is a reference to the service for this webhook. Eitherservice
orurl
must be specified.
If the webhook is running within the cluster, then you should use service
.
If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.
url
::String
url
gives the location of the webhook, in standard URL form ([scheme://]host:port/path
). Exactly one ofurl
orservice
must be specified.
The host
should not refer to a service running in the cluster; use the service
field instead. The host might be resolved via external DNS in some apiservers (e.g., kube-apiserver
cannot resolve in-cluster DNS as that would be a layering violation). host
may also be an IP address.
Please note that using localhost
or 127.0.0.1
as a host
is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.
The scheme must be “https”; the URL must begin with “https://“.
A path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.
Attempting to use a user or basic auth e.g. “user:password@” is not allowed. Fragments (“#…”) and query parameters (“?…”) are not allowed, either.