fix: Configure webhook handler to use in-cluster service account

- Remove kubeconfig file mounting to use in-cluster service account
- Remove Docker socket mount (not needed for Knative deployments)
- Fix Kubernetes API connectivity issues
- Webhook deployment now working successfully with proper RBAC
Greg
2025-07-01 12:11:50 -07:00
parent 6f57651f92
commit 524f44b023
2 changed files with 7 additions and 19 deletions


@@ -108,12 +108,7 @@ spec:
cp /shared/kubectl /usr/local/bin/ 2>/dev/null || echo "kubectl already available" cp /shared/kubectl /usr/local/bin/ 2>/dev/null || echo "kubectl already available"
chmod +x /usr/local/bin/kubectl 2>/dev/null || true chmod +x /usr/local/bin/kubectl 2>/dev/null || true
# Set up kubeconfig # Test connectivity (using in-cluster service account)
mkdir -p /root/.kube
cp /etc/kubeconfig/config /root/.kube/config
chmod 600 /root/.kube/config
# Test connectivity
echo "🔍 Testing Kubernetes connectivity..." echo "🔍 Testing Kubernetes connectivity..."
kubectl version --client || echo "⚠️ kubectl client test failed" kubectl version --client || echo "⚠️ kubectl client test failed"
kubectl cluster-info || echo "⚠️ cluster connectivity test failed, but continuing..." kubectl cluster-info || echo "⚠️ cluster connectivity test failed, but continuing..."
@@ -128,10 +123,6 @@ spec:
subPath: webhook-handler.py subPath: webhook-handler.py
- name: manifests - name: manifests
mountPath: /app/manifests mountPath: /app/manifests
- name: docker-socket
mountPath: /var/run/docker.sock
- name: kubeconfig
mountPath: /etc/kubeconfig
- name: shared-tools - name: shared-tools
mountPath: /shared mountPath: /shared
livenessProbe: livenessProbe:
@@ -166,14 +157,6 @@ spec:
hostPath: hostPath:
path: /home/administrator/k8s-game-2048/manifests path: /home/administrator/k8s-game-2048/manifests
type: Directory type: Directory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
type: Socket
- name: kubeconfig
secret:
secretName: webhook-kubeconfig
defaultMode: 0600
- name: shared-tools - name: shared-tools
emptyDir: {} emptyDir: {}
--- ---
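Review bot: With the mounted kubeconfig gone, the in-cluster service account is the handler's only credential, yet the connectivity test under the reworded comment still ends in `|| echo "... but continuing..."`, so a missing or wrong RBAC binding is only discovered when a webhook-triggered command fails. `kubectl cluster-info` also says little about the verbs the handler needs; a check such as `kubectl auth can-i <verb> <resource> -n <namespace> || exit 1` (placeholders for whatever the handler actually calls) would fail the pod early. `serviceAccountName` is not visible in these hunks, so it is worth confirming the pod runs as a dedicated account bound to a namespace-scoped Role rather than the default one. The `webhook-kubeconfig` Secret that the removed volume referenced is presumably still in the cluster; deleting it and rotating that credential would complete the cleanup.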


@@ -38,8 +38,13 @@ def verify_signature(payload, signature):
def run_command(cmd, **kwargs): def run_command(cmd, **kwargs):
"""Run shell command with logging""" """Run shell command with logging"""
logger.info(f"Running command: {' '.join(cmd)}") logger.info(f"Running command: {' '.join(cmd)}")
# Set up environment for kubectl to use in-cluster config
env = os.environ.copy()
env['KUBECONFIG'] = '' # Force kubectl to use in-cluster config
try: try:
result = subprocess.run(cmd, check=True, capture_output=True, text=True, **kwargs) result = subprocess.run(cmd, check=True, capture_output=True, text=True, env=env, **kwargs)
logger.info(f"Command output: {result.stdout}") logger.info(f"Command output: {result.stdout}")
return result return result
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
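Review bot: Passing `env=env` next to `**kwargs` makes `run_command` raise `TypeError` for any caller that supplies its own `env`, because the keyword is then given twice; building the environment from the caller's value, `env = dict(kwargs.pop('env', None) or os.environ)`, avoids that. Setting `KUBECONFIG` to an empty string probably does not force in-cluster config as the comment claims: as far as I know kubectl treats an empty value like an unset one and would still read `~/.kube/config` if the image contains one, so `env.pop('KUBECONFIG', None)` states the intent more accurately, and the comment should say that in-cluster config is the fallback when no kubeconfig file is found. The `except` body of `run_command` lies outside this hunk.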