content/embeds/k8s-admission-webhook-cert.md
Verify the admission-tls secret exists.
kubectl get secret admission-tls
The output should look similar to
NAME TYPE DATA AGE
admission-tls Opaque 2 2m43s
Save the certificate to a local environment variable.
CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`
Create a Kubernetes validating webhook, replacing <namespace> with the namespace where the REC was installed.
The webhook.yaml template can be found in redis-enterprise-k8s-docs/admission
sed 's/OPERATOR_NAMESPACE/<namespace>/g' webhook.yaml | kubectl create -f -
Create a patch file for the Kubernetes validating webhook.
cat > modified-webhook.yaml <<EOF
webhooks:
- name: redisenterprise.admission.redislabs
clientConfig:
caBundle: $CERT
EOF
Patch the webhook with the certificate.
kubectl patch ValidatingWebhookConfiguration \
redis-enterprise-admission --patch "$(cat modified-webhook.yaml)"