mirror of
https://github.com/cert-manager/webhook-example.git
synced 2025-07-01 22:35:49 +02:00
3142c584af
- Add variable dnsimple.existingTokenSecret to the Helm chart to support using an existing secret. This is useful e.g. in combination with https://github.com/bitnami-labs/sealed-secrets. - Add variable dnsimple.tokenSecretName to support configuring the name of the token secret.
48 lines
No EOL
1.5 KiB
YAML
48 lines
No EOL
1.5 KiB
YAML
{{- if not .Values.dnsimple.existingTokenSecret -}}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ include "dnsimple-webhook.tokenSecretName" . }}
|
|
labels:
|
|
app: {{ include "dnsimple-webhook.name" . }}
|
|
chart: {{ include "dnsimple-webhook.chart" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
type: Opaque
|
|
data:
|
|
token: {{ .Values.dnsimple.token | b64enc }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
|
|
labels:
|
|
app: {{ include "dnsimple-webhook.name" . }}
|
|
chart: {{ include "dnsimple-webhook.chart" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
rules:
|
|
- apiGroups: [""] # indicates the core API group
|
|
resources: ["secrets"]
|
|
resourceNames: ["{{ include "dnsimple-webhook.tokenSecretName" . }}"]
|
|
verbs: ["get", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
|
|
labels:
|
|
app: {{ include "dnsimple-webhook.name" . }}
|
|
chart: {{ include "dnsimple-webhook.chart" . }}
|
|
release: {{ .Release.Name }}
|
|
heritage: {{ .Release.Service }}
|
|
subjects:
|
|
- apiGroup: ""
|
|
kind: ServiceAccount
|
|
name: {{ include "dnsimple-webhook.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
roleRef:
|
|
kind: Role
|
|
name: {{ include "dnsimple-webhook.fullname" . }}:secret-reader
|
|
apiGroup: rbac.authorization.k8s.io |