Deepfactor’s mutating webhook service pod is deployed with
replicas set to 1 and is deployed in namespace
df-registration. While deploying the webhook, DeepFacor creates TLS Secret for storing certs and keys for the webhook. Also, the mutating webhook configuration is stored in a config map named
This article describes how to decommission Deepfactor’s Admission Controller Webhook.
Decommissioning Deepfactor’s Mutating Webhook #
Once Deepfactor’s webhook is put out of commission, no new pods will be instrumented to run with Deepfactor. This however does not impact pods already running with Deepfactor. The following steps must be executed in sequence to decommission the webhook.
To delete Deepfactor’s mutating webhook, you must delete the deployment of the pods. This can be done using the following command:
kubectl delete -f https://repo.deepfactor.io/k8s-adm-webhook/deployment.yaml
Once the deployment is deleted, you can delete the TLS secret that was created using the following command:
kubectl -n df-registration delete secret df-webhook-tls
Next, you can delete the config map that was used to store webhook configuration using the following command:
kubectl delete -f https://repo.deepfactor.io/k8s-adm-webhook/df-configmap.yaml
And lastly, you can delete the namespace that was created for the webhook using the following command:
kubectl delete namespace df-registration
To simplify this process, Deepfactor provides the following command that can be used to cleanup the mutating webhook:
bash -c "$(curl -L https://repo.deepfactor.io/cleanup-df-adm-webhook.sh)"