From 943ab5b1a65336080af779b6d9b81f2ddca02a32 Mon Sep 17 00:00:00 2001
From: Serge Bazanski <q3k@hackerspace.pl>
Date: Mon, 8 Feb 2021 00:33:45 +0100
Subject: [PATCH] cluster/admitomatic: allow whitelist-source-range

Without this, cert-manager get stuck.

Deployed to prod.

Change-Id: I356cd44f455b6f4aecea9ae396f6a05e1a727859
---
 cluster/admitomatic/ingress.go         | 2 ++
 cluster/kube/lib/admitomatic.libsonnet | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/cluster/admitomatic/ingress.go b/cluster/admitomatic/ingress.go
index a1d57a5e..6b8a3657 100644
--- a/cluster/admitomatic/ingress.go
+++ b/cluster/admitomatic/ingress.go
@@ -210,6 +210,8 @@ func (i *ingressFilter) admit(req *admission.AdmissionRequest) (*admission.Admis
 		"proxy-body-size":  true,
 		"ssl-redirect":     true,
 		"backend-protocol": true,
+		// Used by cert-manager
+		"whitelist-source-range": true,
 	}
 	prefix := "nginx.ingress.kubernetes.io/"
 	for k, _ := range ingress.Annotations {
diff --git a/cluster/kube/lib/admitomatic.libsonnet b/cluster/kube/lib/admitomatic.libsonnet
index ab44bfb8..d8e04404 100644
--- a/cluster/kube/lib/admitomatic.libsonnet
+++ b/cluster/kube/lib/admitomatic.libsonnet
@@ -32,7 +32,7 @@ local prototext = import "../../../kube/prototext.libsonnet";
 
         cfg:: {
             namespace: "admitomatic",
-            image: "registry.k0.hswaw.net/q3k/admitomatic:1612618063-0b68e233116f733fb3ec9016c9d3b7decb86f192",
+            image: "registry.k0.hswaw.net/q3k/admitomatic:315532800-6cc2f867951e123909b23955cd7bcbcc3ec24f8a",
 
             proto: {},
         },