Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow configuration of an external webhook and its associated certs in the Porch API server #554

Closed
liamfallon opened this issue Feb 29, 2024 · 3 comments
Assignees
Labels
Milestone

Comments

@liamfallon
Copy link
Member

The Porch API server can use a validating webook to check whether delete requests should be allowed or not. If the CERT_STORAGE_DIR environment variable is not set, Porch does not validate deletions. If the CERT_STORAGE_DIR environment variable is set, Porch generates a validating webhook and its associated certs.

Using a webhook ensures that resources are only deleted when the user has authority to do so.

However, the Porch API server cannot today be configured to use an externally configured webhook. In addition, the current self generated webhook has a number of drawbacks:

  • Access to the deletion commands cannot be controlled by configuration
  • The generated certificates time out after a year
  • The service name on which the webhook acts and the configuratino name cannot be controlled by configuration
  • The namespace on which Porch is installed is hardcoded to "porch-system" {fixed in PR-26}

This issue proposes adding support for externally configured webhooks to the Porch API server.

@liamfallon
Copy link
Member Author

/assign @Catalin-Stratulat-Ericsson

@liamfallon
Copy link
Member Author

Triaged

@efiacor
Copy link
Contributor

efiacor commented Jun 7, 2024

nephio-project/porch#53

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
Status: Done
Development

No branches or pull requests

4 participants