You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: documentation/assemblies/deploying/assembly-drain-cleaner.adoc
+15-12Lines changed: 15 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,20 +22,10 @@ This informs the Cluster Operator to perform a rolling update of an evicted pod.
22
22
23
23
NOTE: If you are not using the Strimzi Drain Cleaner, you can xref:proc-manual-rolling-update-pods-str[add pod annotations to perform rolling updates manually].
24
24
25
-
.Webhook configuration
26
-
The Strimzi Drain Cleaner deployment files include a `ValidatingWebhookConfiguration` resource file.
27
-
The resource provides the configuration for registering the webhook with the Kubernetes API.
25
+
== Default webhook configuration
28
26
29
-
The configuration defines the `rules` for the Kubernetes API to follow in the event of a pod eviction request.
30
-
The rules specify that only `CREATE` operations related to `pods/eviction` sub-resources are intercepted.
31
-
If these rules are met, the API forwards the notification.
27
+
The Strimzi Drain Cleaner deployment includes a `ValidatingWebhookConfiguration` resource that registers the webhook with the Kubernetes API:
32
28
33
-
The `clientConfig` points to the Strimzi Drain Cleaner service and `/drainer` endpoint that exposes the webhook.
34
-
The webhook uses a secure TLS connection, which requires authentication.
35
-
The `caBundle` property specifies the certificate chain to validate HTTPS communication.
36
-
Certificates are encoded in Base64.
37
-
38
-
.Webhook configuration for pod eviction notifications
39
29
[source,yaml,subs="attributes+"]
40
30
----
41
31
apiVersion: admissionregistration.k8s.io/v1
@@ -59,6 +49,19 @@ webhooks:
59
49
# ...
60
50
----
61
51
52
+
Unless you are using your own TLS certificates, no manual configuration is required.
53
+
54
+
The webhook intercepts pod eviction requests based on the `rules` defined in the configuration.
55
+
Only `CREATE` operations targeting the `pods/eviction` sub-resource are evaluated.
56
+
When these conditions are met, the API forwards the request to the webhook.
57
+
58
+
The `clientConfig` section specifies the target service and endpoint for the webhook.
59
+
The webhook listens on the `/drainer` path and requires a secure TLS connection.
60
+
61
+
The `caBundle` property provides the Base64-encoded certificate chain used to validate HTTPS communication.
62
+
By default, the TLS certificates are generated and injected into the configuration automatically.
63
+
If you supply your own TLS certificates, you must manually update the `caBundle` value.
0 commit comments