Certificate Webhook Injection

ScaleOps admission webhook communicates with the Kubernetes API server over HTTPS. The webhook requires a valid certificate which can be configured by numerous methods, as described below.

Self-signed Certificate (Default)

ScaleOps webhook automatically generates, by default, self-signed certificate without any additional configuration, or use of cert manager.

Existing Certificate

admissions:
  tls:
    webhookCertificate:
      enabled: true
      name: <CERTIFICATE_NAME>
    secret: <CERTIFICATE_SECRET_NAME>

Generated Certificate

admissions:
  tls:
    webhookCertificate:
      create: true
    issuer:
      name: <ISSUER_NAME>
      kind: Issuer        # or ClusterIssuer

Generated Certificate and Issuer

admissions:
  tls:
    webhookCertificate:
      create: true
    issuer:
      create: true