KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2025-07-01 22:35:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

allow running as unprivileged pod by choosing a higher port for listening (#33)

Browse source
This commit is contained in:
Rémy Moll 2024-05-27 18:28:57 +02:00 committed by GitHub
parent b5793bb12c
commit 97de643226
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
README.md
View file

@ -57,15 +57,16 @@ The Helm chart accepts the following values:
| name | required | description | default value |
| ---------------------------------- | -------- | ----------------------------------------------- | --------------------------------------- |
| `dnsimple.token` | ✔️ | DNSimple API Token | _empty_ |
| `dnsimple.accountID` | | DNSimple Account ID (required when `dnsimple.token` is a user-token) | _empty_ |
| `clusterIssuer.email` | | LetsEncrypt Admin Email | _empty_ |
| `dnsimple.accountID` | | DNSimple Account ID (required when `dnsimple.token` is a user-token) | _empty_ |
| `clusterIssuer.email` | | LetsEncrypt Admin Email | _empty_ |
| `clusterIssuer.production.enabled` | | Create a production `ClusterIssuer` | `false` |
| `clusterIssuer.staging.enabled` | | Create a staging `ClusterIssuer` | `false` |
| `image.repository` | ✔️ | Docker image for the webhook solver | `ghcr.io/puzzle/cert-manager-webhook-dnsimple` |
| `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build |
| `image.tag` | ✔️ | Docker image tag of the solver | latest tagged docker build |
| `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` |
| `logLevel` | | Set the verbosity of the solver | _empty_ |
| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ |
| `useUnprivilegedPort` | | Use an unprivileged container-port for the webhook | `true` |
| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ |
| `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` |
| `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` |

7
charts/cert-manager-webhook-dnsimple/templates/deployment.yaml
View file

@ -37,13 +37,20 @@ spec:
- --tls-private-key-file=/tls/tls.key
{{- if .Values.logLevel }}
- --v={{ .Values.logLevel }}
{{- end }}
{{- if .Values.useUnprivilegedPort }}
- --secure-port=8443
{{- end }}
env:
- name: GROUP_NAME
value: {{ .Values.groupName | quote }}
ports:
- name: https
{{- if .Values.useUnprivilegedPort }}
containerPort: 8443
{{- else }}
containerPort: 443
{{- end }}
protocol: TCP
livenessProbe:
httpGet:

1
charts/cert-manager-webhook-dnsimple/values.yaml
View file

@ -32,6 +32,7 @@ fullnameOverride: ""
service:
type: ClusterIP
port: 443
useUnprivilegedPort: true
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little