From f87a018b7676ae94ff25e72c82547ba1786940da Mon Sep 17 00:00:00 2001
From: Lennart Dohmann <lennart.dohmann@gdata.de>
Date: Mon, 28 Oct 2024 10:20:32 +0100
Subject: [PATCH] Update ci.yaml to generate and apply self-signed certificate
 for ingress-nginx

---
 .github/workflows/ci.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9de363b..fd711c7 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -87,6 +87,15 @@ jobs:
             --selector=app.kubernetes.io/component=controller \
             --timeout=120s
 
+      - name: Generate and apply self-signed certificate for ingress-nginx
+        run: |
+          openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+            -keyout tls.key -out tls.crt -subj "/CN=ingress-nginx-controller-admission.ingress-nginx.svc"
+          kubectl create secret tls ingress-nginx-admission -n ingress-nginx \
+            --key tls.key --cert tls.crt
+          kubectl patch validatingwebhookconfiguration ingress-nginx-admission \
+            --type='json' -p='[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value": "'$(base64 -w 0 tls.crt)'"}]'
+
       - name: Deploy Helm Chart
         run: |
           cat <<EOF > values-local.yaml