KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2025-07-02 06:45:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow running as unprivileged pod by choosing a higher port for listening (#33)

Browse source
This commit is contained in:
Rémy Moll 2024-05-27 18:28:57 +02:00 committed by GitHub
parent b5793bb12c
commit 97de643226
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -65,6 +65,7 @@ The Helm chart accepts the following values:
| `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build | | `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build |
| `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` | | `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` |
| `logLevel` | | Set the verbosity of the solver | _empty_ | | `logLevel` | | Set the verbosity of the solver | _empty_ |
| `useUnprivilegedPort` | | Use an unprivileged container-port for the webhook | `true` |
| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ | | `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ |
| `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` | | `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` |
| `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` | | `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` |

7
charts/cert-manager-webhook-dnsimple/templates/deployment.yaml
View file

@ -37,13 +37,20 @@ spec:
- --tls-private-key-file=/tls/tls.key - --tls-private-key-file=/tls/tls.key
{{- if .Values.logLevel }} {{- if .Values.logLevel }}
- --v={{ .Values.logLevel }} - --v={{ .Values.logLevel }}
{{- end }}
{{- if .Values.useUnprivilegedPort }}
- --secure-port=8443
{{- end }} {{- end }}
env: env:
- name: GROUP_NAME - name: GROUP_NAME
value: {{ .Values.groupName | quote }} value: {{ .Values.groupName | quote }}
ports: ports:
- name: https - name: https
{{- if .Values.useUnprivilegedPort }}
containerPort: 8443
{{- else }}
containerPort: 443 containerPort: 443
{{- end }}
protocol: TCP protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:

1
charts/cert-manager-webhook-dnsimple/values.yaml
View file

@ -32,6 +32,7 @@ fullnameOverride: ""
service: service:
type: ClusterIP type: ClusterIP
port: 443 port: 443
useUnprivilegedPort: true
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little