diff --git a/deploy/cert-manager-webhook-sotoon/templates/_helpers.tpl b/deploy/cert-manager-webhook-sotoon/templates/_helpers.tpl index d3c474b..47d2f5a 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/_helpers.tpl +++ b/deploy/cert-manager-webhook-sotoon/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "example-webhook.name" -}} +{{- define "cert-manager-webhook-sotoon.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "example-webhook.fullname" -}} +{{- define "cert-manager-webhook-sotoon.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} 
@@ -27,22 +27,22 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "example-webhook.chart" -}} +{{- define "cert-manager-webhook-sotoon.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "example-webhook.selfSignedIssuer" -}} -{{ printf "%s-selfsign" (include "example-webhook.fullname" .) }} +{{- define "cert-manager-webhook-sotoon.selfSignedIssuer" -}} +{{ printf "%s-selfsign" (include "cert-manager-webhook-sotoon.fullname" .) }} {{- end -}} -{{- define "example-webhook.rootCAIssuer" -}} -{{ printf "%s-ca" (include "example-webhook.fullname" .) }} +{{- define "cert-manager-webhook-sotoon.rootCAIssuer" -}} +{{ printf "%s-ca" (include "cert-manager-webhook-sotoon.fullname" .) }} {{- end -}} -{{- define "example-webhook.rootCACertificate" -}} -{{ printf "%s-ca" (include "example-webhook.fullname" .) }} +{{- define "cert-manager-webhook-sotoon.rootCACertificate" -}} +{{ printf "%s-ca" (include "cert-manager-webhook-sotoon.fullname" .) }} {{- end -}} -{{- define "example-webhook.servingCertificate" -}} -{{ printf "%s-webhook-tls" (include "example-webhook.fullname" .) }} +{{- define "cert-manager-webhook-sotoon.servingCertificate" -}} +{{ printf "%s-webhook-tls" (include "cert-manager-webhook-sotoon.fullname" .) }} {{- end -}} diff --git a/deploy/cert-manager-webhook-sotoon/templates/apiservice.yaml b/deploy/cert-manager-webhook-sotoon/templates/apiservice.yaml index 7426401..c2e7ecc 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/apiservice.yaml +++ b/deploy/cert-manager-webhook-sotoon/templates/apiservice.yaml 
@@ -1,19 +1,19 @@ -apiVersion: apiregistration.k8s.io/v1 +apiVersion: apiregistration.k8s.io/v1beta1 kind: APIService metadata: name: v1alpha1.{{ .Values.groupName }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: - certmanager.k8s.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}" + cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "cert-manager-webhook-sotoon.servingCertificate" . }}" spec: group: {{ .Values.groupName }} groupPriorityMinimum: 1000 versionPriority: 15 service: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} namespace: {{ .Release.Namespace }} version: v1alpha1 diff --git a/deploy/cert-manager-webhook-sotoon/templates/deployment.yaml b/deploy/cert-manager-webhook-sotoon/templates/deployment.yaml index ed49463..7f7fab5 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/deployment.yaml +++ b/deploy/cert-manager-webhook-sotoon/templates/deployment.yaml 
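Review bot: The first line of the apiservice.yaml hunk moves the APIService from `apiregistration.k8s.io/v1` back to `apiregistration.k8s.io/v1beta1`, a version Kubernetes stopped serving in 1.22, so the chart would fail to install on current clusters and the webhook would never be registered. The same downgrade, to `rbac.authorization.k8s.io/v1beta1`, appears on all four RBAC documents changed in rbac.yaml. I would keep `apiVersion: apiregistration.k8s.io/v1` and `apiVersion: rbac.authorization.k8s.io/v1`. If older clusters really must be supported, select the version with `.Capabilities.APIVersions.Has` instead of hard-coding the beta one.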
@@ -1,28 +1,29 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} + namespace: {{ .Release.Namespace }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ include "example-webhook.name" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} release: {{ .Release.Name }} template: metadata: labels: - app: {{ include "example-webhook.name" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} release: {{ .Release.Name }} spec: - serviceAccountName: {{ include "example-webhook.fullname" . }} + serviceAccountName: {{ include "cert-manager-webhook-sotoon.fullname" . }} containers: - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - --tls-cert-file=/tls/tls.crt @@ -53,7 +54,7 @@ spec: volumes: - name: certs secret: - secretName: {{ include "example-webhook.servingCertificate" . }} + secretName: {{ include "cert-manager-webhook-sotoon.servingCertificate" . }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/deploy/cert-manager-webhook-sotoon/templates/pki.yaml b/deploy/cert-manager-webhook-sotoon/templates/pki.yaml index d21f76b..c26cd20 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/pki.yaml +++ b/deploy/cert-manager-webhook-sotoon/templates/pki.yaml 
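Review bot: In deployment.yaml the container image is still addressed by a mutable tag, and the new `default .Chart.AppVersion .Values.image.tag` fallback means an unset `image.tag` silently follows the chart's appVersion, so what runs under this service account depends on whatever the registry currently serves for that tag. Consider an optional digest value (a new `image.digest` key, not in the chart today) rendered as `image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}"` when it is set. Separately, the added `namespace: {{ .Release.Namespace }}` is unquoted here and in the same additions to rbac.yaml (ServiceAccount) and service.yaml, while pki.yaml uses `{{ .Release.Namespace | quote }}`. An all-digit namespace would render as a YAML integer, so `| quote` should be applied consistently. The container spec continues outside the hunk.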
@@ -1,14 +1,14 @@ --- # Create a selfsigned Issuer, in order to create a root CA certificate for # signing webhook serving certificates -apiVersion: cert-manager.io/v1alpha3 +apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: - name: {{ include "example-webhook.selfSignedIssuer" . }} + name: {{ include "cert-manager-webhook-sotoon.selfSignedIssuer" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: 
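Review bot: The `apiVersion` in pki.yaml goes from `cert-manager.io/v1alpha3` to the older `cert-manager.io/v1alpha2`, here and on the three documents in the next hunk (CA Certificate, CA Issuer, serving Certificate). Both alpha versions were dropped from later cert-manager releases (from 1.6, as far as I know). On an up-to-date cert-manager none of these resources would be created, so the serving-certificate secret mounted by the Deployment would not exist and the CA injection configured on the APIService would have nothing to inject. Since the same commit already adopts the `cert-manager.io/inject-ca-from` annotation, I would target the stable API with `apiVersion: cert-manager.io/v1`. The fields visible in these hunks (`secretName`, `duration`, `issuerRef`, `commonName`, `isCA`, `dnsNames`, `ca`) appear to carry over, but the self-signed Issuer's spec body lies outside the hunk and should be checked.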
@@ -17,60 +17,60 @@ spec: --- # Generate a CA Certificate used to sign certificates for the webhook -apiVersion: cert-manager.io/v1alpha3 +apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: - name: {{ include "example-webhook.rootCACertificate" . }} + name: {{ include "cert-manager-webhook-sotoon.rootCACertificate" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - secretName: {{ include "example-webhook.rootCACertificate" . }} + secretName: {{ include "cert-manager-webhook-sotoon.rootCACertificate" . }} duration: 43800h # 5y issuerRef: - name: {{ include "example-webhook.selfSignedIssuer" . }} - commonName: "ca.example-webhook.cert-manager" + name: {{ include "cert-manager-webhook-sotoon.selfSignedIssuer" . }} + commonName: "ca.cert-manager-webhook-sotoon.cert-manager" isCA: true --- # Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: cert-manager.io/v1alpha3 +apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: - name: {{ include "example-webhook.rootCAIssuer" . }} + name: {{ include "cert-manager-webhook-sotoon.rootCAIssuer" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: ca: - secretName: {{ include "example-webhook.rootCACertificate" . }} + secretName: {{ include "cert-manager-webhook-sotoon.rootCACertificate" . 
}} --- # Finally, generate a serving certificate for the webhook to use -apiVersion: cert-manager.io/v1alpha3 +apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: - name: {{ include "example-webhook.servingCertificate" . }} + name: {{ include "cert-manager-webhook-sotoon.servingCertificate" . }} namespace: {{ .Release.Namespace | quote }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - secretName: {{ include "example-webhook.servingCertificate" . }} + secretName: {{ include "cert-manager-webhook-sotoon.servingCertificate" . }} duration: 8760h # 1y issuerRef: - name: {{ include "example-webhook.rootCAIssuer" . }} + name: {{ include "cert-manager-webhook-sotoon.rootCAIssuer" . }} dnsNames: - - {{ include "example-webhook.fullname" . }} - - {{ include "example-webhook.fullname" . }}.{{ .Release.Namespace }} - - {{ include "example-webhook.fullname" . }}.{{ .Release.Namespace }}.svc + - {{ include "cert-manager-webhook-sotoon.fullname" . }} + - {{ include "cert-manager-webhook-sotoon.fullname" . }}.{{ .Release.Namespace }} + - {{ include "cert-manager-webhook-sotoon.fullname" . }}.{{ .Release.Namespace }}.svc diff --git a/deploy/cert-manager-webhook-sotoon/templates/rbac.yaml b/deploy/cert-manager-webhook-sotoon/templates/rbac.yaml index d386362..e55ad89 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/rbac.yaml +++ b/deploy/cert-manager-webhook-sotoon/templates/rbac.yaml 
@@ -1,24 +1,25 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} + namespace: {{ .Release.Namespace }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} --- # Grant the webhook permission to read the ConfigMap containing the Kubernetes # apiserver's requestheader-ca-certificate. # This ConfigMap is automatically created by the Kubernetes apiserver. -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:webhook-authentication-reader + name: {{ include "cert-manager-webhook-sotoon.fullname" . }}:webhook-authentication-reader namespace: kube-system labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: 
@@ -28,18 +29,18 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} namespace: {{ .Release.Namespace }} --- # apiserver gets the auth-delegator role to delegate auth decisions to # the core apiserver -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:auth-delegator + name: {{ include "cert-manager-webhook-sotoon.fullname" . }}:auth-delegator labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: @@ -49,17 +50,17 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} namespace: {{ .Release.Namespace }} --- # Grant cert-manager permission to validate using our apiserver -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "cert-manager-webhook-sotoon.fullname" . }}:domain-solver labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: 
@@ -70,19 +71,19 @@ rules: verbs: - 'create' --- -apiVersion: rbac.authorization.k8s.io/v1 +apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "cert-manager-webhook-sotoon.fullname" . }}:domain-solver labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ include "example-webhook.fullname" . }}:domain-solver + name: {{ include "cert-manager-webhook-sotoon.fullname" . }}:domain-solver subjects: - apiGroup: "" kind: ServiceAccount diff --git a/deploy/cert-manager-webhook-sotoon/templates/service.yaml b/deploy/cert-manager-webhook-sotoon/templates/service.yaml index 572089e..042fc24 100644 --- a/deploy/cert-manager-webhook-sotoon/templates/service.yaml +++ b/deploy/cert-manager-webhook-sotoon/templates/service.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "example-webhook.fullname" . }} + name: {{ include "cert-manager-webhook-sotoon.fullname" . }} + namespace: {{ .Release.Namespace }} labels: - app: {{ include "example-webhook.name" . }} - chart: {{ include "example-webhook.chart" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} + chart: {{ include "cert-manager-webhook-sotoon.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: @@ -15,5 +16,5 @@ spec: protocol: TCP name: https selector: - app: {{ include "example-webhook.name" . }} + app: {{ include "cert-manager-webhook-sotoon.name" . }} release: {{ .Release.Name }}