From 2d58744254cbe990c0e440a35b3426d53f18b4f1 Mon Sep 17 00:00:00 2001 From: biondizzle Date: Thu, 11 Dec 2025 04:39:25 -0500 Subject: [PATCH] tweax --- .gitignore | 40 +++++++++++++++++++++++++++++++++++++ Makefile | 9 +++++++-- example.yaml => deploy.yaml | 4 ++-- generate-certs.sh | 17 ++++++++-------- 4 files changed, 58 insertions(+), 12 deletions(-) create mode 100644 .gitignore rename example.yaml => deploy.yaml (95%) diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6d2d65e --- /dev/null +++ b/.gitignore @@ -0,0 +1,40 @@ +# Binaries +webhook +*.exe +*.dll +*.so +*.dylib + +# Test binary +*.test + +# Output of the go coverage tool +*.out + +# Go workspace file +go.work + +# Dependency directories +vendor/ + +# IDE specific files +.idea/ +.vscode/ +*.swp +*.swo +*~ + +# OS specific files +.DS_Store +Thumbs.db + +# Certificates and keys +*.key +*.crt +*.csr +*.pem +.ca-bundle.txt + +# Build artifacts +dist/ +build/ diff --git a/Makefile b/Makefile index 178572c..b0e05ef 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,12 @@ certs: # Deploy to Kubernetes deploy: - kubectl apply -f deploy.yaml + @if [ ! -f .ca-bundle.txt ]; then \ + echo "Error: .ca-bundle.txt not found. Run 'make certs' first."; \ + exit 1; \ + fi + @CA_BUNDLE=$$(cat .ca-bundle.txt) && \ + sed "s|CA_BUNDLE_PLACEHOLDER|$$CA_BUNDLE|g" deploy.yaml | kubectl apply -f - # Undeploy from Kubernetes undeploy: @@ -111,4 +116,4 @@ help: @echo " status - Check webhook status" @echo " clean - Remove all resources" @echo " restart - Restart webhook deployment" - @echo " help - Show this help" + @echo " help - Show this help" \ No newline at end of file diff --git a/example.yaml b/deploy.yaml similarity index 95% rename from example.yaml rename to deploy.yaml index 512e679..7239485 100644 --- a/example.yaml +++ b/deploy.yaml 
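Review bot: The guard in the Makefile `deploy` target only tests that `.ca-bundle.txt` exists, so an empty or truncated file left by an interrupted `make certs` is still substituted into `caBundle` and applied without complaint. Testing for a non-empty file closes that gap: `@if [ ! -s .ca-bundle.txt ]; then \`. How the API server then treats the webhook depends on its `failurePolicy`, which is outside this hunk, so failing early in the recipe is the safer place to catch it. The error message would also be better sent to stderr: `echo "Error: .ca-bundle.txt missing or empty. Run 'make certs' first." >&2; \`.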
@@ -63,7 +63,7 @@ spec: serviceAccountName: irsa-webhook containers: - name: webhook - image: ewr.vultrcr.com/chansey/irsa-webhook:latest + image: your-registry/irsa-webhook:latest imagePullPolicy: Always ports: - containerPort: 8443 @@ -122,7 +122,7 @@ webhooks: name: irsa-webhook namespace: irsa-system path: /mutate - caBundle: ${CA_BUNDLE} # Replace with base64-encoded CA certificate + caBundle: CA_BUNDLE_PLACEHOLDER rules: - operations: ["CREATE"] apiGroups: [""] diff --git a/generate-certs.sh b/generate-certs.sh index c542188..3e14945 100755 --- a/generate-certs.sh +++ b/generate-certs.sh @@ -29,7 +29,7 @@ openssl req -x509 -new -nodes -key ${CERT_DIR}/ca.key \ openssl genrsa -out ${CERT_DIR}/tls.key 2048 # Create certificate signing request -cat > ${CERT_DIR}/csr.conf < ${CERT_DIR}/csr.conf < .ca-bundle.txt + # Update MutatingWebhookConfiguration with CA bundle if kubectl get mutatingwebhookconfiguration ${WEBHOOK_CONFIG_NAME} &> /dev/null; then kubectl patch mutatingwebhookconfiguration ${WEBHOOK_CONFIG_NAME} \ @@ -86,10 +89,8 @@ if kubectl get mutatingwebhookconfiguration ${WEBHOOK_CONFIG_NAME} &> /dev/null; -p="[{'op': 'replace', 'path': '/webhooks/0/clientConfig/caBundle', 'value':'${CA_BUNDLE}'}]" echo "MutatingWebhookConfiguration ${WEBHOOK_CONFIG_NAME} updated with CA bundle" else - echo "MutatingWebhookConfiguration ${WEBHOOK_CONFIG_NAME} not found. Please update deploy.yaml with:" - echo "caBundle: ${CA_BUNDLE}" + echo "MutatingWebhookConfiguration not found yet. CA bundle saved to .ca-bundle.txt" fi echo "" -echo "Setup complete! CA Bundle (for manual configuration):" -echo "${CA_BUNDLE}" +echo "Setup complete! CA Bundle saved to .ca-bundle.txt" \ No newline at end of file
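Review bot: In deploy.yaml (hunk at line 63) the new `image: your-registry/irsa-webhook:latest` is a placeholder, yet `make deploy` in this same commit applies the file unchanged apart from the CA bundle, so an unedited checkout asks the cluster to pull that name. A reference without a registry host is resolved against the container runtime's default registry, and with `imagePullPolicy: Always` plus `:latest` the admission webhook runs whatever that name currently resolves to. Consider making the image a required substitution like the CA bundle, for example `image: IMAGE_PLACEHOLDER` filled from a make variable that aborts when unset. The real image is best pinned by digest, in the form `registry.example.com/irsa-webhook@sha256:<digest>`.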
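Review bot: The `caBundle: CA_BUNDLE_PLACEHOLDER` line in deploy.yaml (hunk at line 122) lost the comment that explained the field, and nothing in the file now says the token is rewritten by `make deploy`. Someone running `kubectl apply -f deploy.yaml` directly would submit the literal placeholder instead of a base64-encoded certificate. I would keep a comment on that line: `caBundle: CA_BUNDLE_PLACEHOLDER # substituted from .ca-bundle.txt by 'make deploy'; do not apply this file directly`.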