mirror of
https://github.com/cert-manager/webhook-example.git
synced 2025-07-01 22:35:49 +02:00
allow running as unprivileged pod by choosing a higher port for listening (#33)
parent
b5793bb12c
commit
97de643226
3 changed files with 13 additions and 4 deletions
|
@ -65,6 +65,7 @@ The Helm chart accepts the following values:
|
|||
| `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build |
|
||||
| `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` |
|
||||
| `logLevel` | | Set the verbosity of the solver | _empty_ |
|
||||
| `useUnprivilegedPort` | | Use an unprivileged container-port for the webhook | `true` |
|
||||
| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ |
|
||||
| `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` |
|
||||
| `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` |
|
||||
|
|
|
@ -37,13 +37,20 @@ spec:
|
|||
- --tls-private-key-file=/tls/tls.key
|
||||
{{- if .Values.logLevel }}
|
||||
- --v={{ .Values.logLevel }}
|
||||
{{- end }}
|
||||
{{- if .Values.useUnprivilegedPort }}
|
||||
- --secure-port=8443
|
||||
{{- end }}
|
||||
env:
|
||||
- name: GROUP_NAME
|
||||
value: {{ .Values.groupName | quote }}
|
||||
ports:
|
||||
- name: https
|
||||
{{- if .Values.useUnprivilegedPort }}
|
||||
containerPort: 8443
|
||||
{{- else }}
|
||||
containerPort: 443
|
||||
{{- end }}
|
||||
protocol: TCP
|
||||
livenessProbe:
|
||||
httpGet:
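Review bot: Nothing in this section makes the container actually run unprivileged: the new `--secure-port=8443` and `containerPort: 8443` lines only remove the need to bind a port below 1024, and no `securityContext` appears among the lines shown between `env:` and `livenessProbe:`. The container spec starts and ends outside the hunk, so one may already exist; if it does not, the pod keeps whatever user and capabilities the image defaults to. Consider adding a container-level `securityContext` under the same condition, as sketched below. Note that `runAsNonRoot: true` only admits the pod when the image declares a numeric non-root user or `runAsUser` is set, which this page does not show. Separately, 8443 is written twice and the `else` branch relies on the binary's built-in default instead of passing `--secure-port` explicitly, so the argument and `containerPort` can drift apart.

```yaml
# … unchanged: args, env, ports …
{{- if .Values.useUnprivilegedPort }}
securityContext:
  allowPrivilegeEscalation: false
  runAsNonRoot: true
  capabilities:
    drop:
      - ALL
{{- end }}
# … unchanged: livenessProbe …
```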
|
||||
|
|
|
@ -32,6 +32,7 @@ fullnameOverride: ""
|
|||
service:
|
||||
type: ClusterIP
|
||||
port: 443
|
||||
useUnprivilegedPort: true
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
|
|