KropCloud/cert-manager-webhook-example
1
0
Fork 1
mirror of https://github.com/cert-manager/webhook-example.git synced 2025-07-02 06:45:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Change wording and handling of .Values.groupName

Browse source
This commit is contained in:
Valentin Klopfenstein 2024-06-19 09:53:06 +02:00
parent f6d110c78b
commit b9630d8894
8 changed files with 20 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -66,7 +66,7 @@ The Helm chart accepts the following values:
| `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` | | `image.pullPolicy` | ✔️ | Image pull policy of the solver | `IfNotPresent` |
| `logLevel` | | Set the verbosity of the solver | _empty_ | | `logLevel` | | Set the verbosity of the solver | _empty_ |
| `useUnprivilegedPort` | | Use an unprivileged container-port for the webhook | `true` | | `useUnprivilegedPort` | | Use an unprivileged container-port for the webhook | `true` |
| `groupName` | ✔️ | Identifies the company that created the webhook | _empty_ | | `groupName` | ✔️ | Name of the API group used to register the webhook API service as | `acme.dnsimple.com` |
| `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` | | `certManager.namespace` | ✔️ | The namespace cert-manager was installed to | `cert-manager` |
| `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` | | `certManager.serviceAccountName` | ✔️ | The service account cert-manager runs under | `cert-manager` |

7
charts/cert-manager-webhook-dnsimple/templates/_helpers.tpl
View file

@ -6,6 +6,13 @@ Expand the name of the chart.
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}} {{- end -}}
{{/*
APIService group name
*/}}
{{- define "dnsimple-webhook.api-group" -}}
{{- default "acme.dnsimple.com" (.Values.groupName) -}}
{{- end -}}
{{/* {{/*
Create a default fully qualified app name. Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).

4
charts/cert-manager-webhook-dnsimple/templates/apiservice.yaml
View file

@ -2,7 +2,7 @@
apiVersion: {{ $APIRegistrationAPIVersion }} apiVersion: {{ $APIRegistrationAPIVersion }}
kind: APIService kind: APIService
metadata: metadata:
name: v1alpha1.{{ .Values.groupName }} name: v1alpha1.{{ include "dnsimple-webhook.api-group" . }}
labels: labels:
app: {{ include "dnsimple-webhook.name" . }} app: {{ include "dnsimple-webhook.name" . }}
chart: {{ include "dnsimple-webhook.chart" . }} chart: {{ include "dnsimple-webhook.chart" . }}
@ -11,7 +11,7 @@ metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "dnsimple-webhook.servingCertificate" . }}" cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "dnsimple-webhook.servingCertificate" . }}"
spec: spec:
group: {{ .Values.groupName }} group: {{ include "dnsimple-webhook.api-group" . }}
groupPriorityMinimum: 1000 groupPriorityMinimum: 1000
versionPriority: 15 versionPriority: 15
service: service:

2
charts/cert-manager-webhook-dnsimple/templates/deployment.yaml
View file

@ -43,7 +43,7 @@ spec:
{{- end }} {{- end }}
env: env:
- name: GROUP_NAME - name: GROUP_NAME
value: {{ .Values.groupName | quote }} value: {{ include "dnsimple-webhook.api-group" . | quote }}
ports: ports:
- name: https - name: https
{{- if .Values.useUnprivilegedPort }} {{- if .Values.useUnprivilegedPort }}

2
charts/cert-manager-webhook-dnsimple/templates/production.cluster-issuer.yaml
View file

@ -22,6 +22,6 @@ spec:
key: token key: token
name: {{ include "dnsimple-webhook.tokenSecretName" . }} name: {{ include "dnsimple-webhook.tokenSecretName" . }}
accountID: {{ .Values.dnsimple.accountID | quote }} accountID: {{ .Values.dnsimple.accountID | quote }}
groupName: {{ .Values.groupName }} groupName: {{ include "dnsimple-webhook.api-group" . }}
solverName: dnsimple solverName: dnsimple
{{- end -}} {{- end -}}

2
charts/cert-manager-webhook-dnsimple/templates/rbac.yaml
View file

@ -65,7 +65,7 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
rules: rules:
- apiGroups: - apiGroups:
- {{ .Values.groupName }} - {{ include "dnsimple-webhook.api-group" . }}
resources: resources:
- '*' - '*'
verbs: verbs:

2
charts/cert-manager-webhook-dnsimple/templates/staging.cluster-issuer.yaml
View file

@ -22,6 +22,6 @@ spec:
key: token key: token
name: {{ include "dnsimple-webhook.tokenSecretName" . }} name: {{ include "dnsimple-webhook.tokenSecretName" . }}
accountID: {{ .Values.dnsimple.accountID | quote }} accountID: {{ .Values.dnsimple.accountID | quote }}
groupName: {{ .Values.groupName }} groupName: {{ include "dnsimple-webhook.api-group" . }}
solverName: dnsimple solverName: dnsimple
{{- end -}} {{- end -}}

14
charts/cert-manager-webhook-dnsimple/values.yaml
View file

@ -1,12 +1,8 @@
# The GroupName here is used to identify your company or business unit that
# created this webhook. # groupName sets the API group name for the API service that registers this webhook service.
# For example, this may be "acme.mycompany.com". # If you wish to customize this name, uncomment line and set the value to an FQDN, i.e. acme.company.com
# This name will need to be referenced in each Issuer's `webhook` stanza to #groupName: ""
# inform cert-manager of where to send ChallengePayload resources in order to
# solve the DNS01 challenge.
# This group name should be **unique**, hence using your own company's domain
# here is recommended.
groupName: ""
certManager: certManager:
namespace: cert-manager namespace: cert-manager
serviceAccountName: cert-manager serviceAccountName: cert-manager