Skip to content

Commit

Permalink
[cert-manager-setup] allow for multiple clusterissuers
Browse files Browse the repository at this point in the history
  • Loading branch information
@alejandroEsc
alejandroEsc committed Jan 24, 2020
1 parent f44ea4d commit 65187ab
Show file tree
Hide file tree
Showing 6 changed files with 33 additions and 15 deletions.
2 changes: 1 addition & 1 deletion staging/cert-manager-setup/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
apiVersion: v1
name: cert-manager-setup
home: https://github.com/mesosphere/charts
version: 0.1.7
version: 0.1.8
appVersion: 0.10.1
description: Install cert-manager and optionally add a ClusterIssuer
keywords:
Expand Down
14 changes: 9 additions & 5 deletions staging/cert-manager-setup/ci/test-values.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
clusterissuer:
name: kubernetes-ca
spec:
ca:
secretName: kubernetes-intermediate-ca
clusterissuers:
- name: kubernetes-ca
spec:
ca:
secretName: kubernetes-intermediate-ca
- name: my-ca
spec:
ca:
secretName: my-secrete-1
3 changes: 3 additions & 0 deletions staging/cert-manager-setup/templates/clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: read-apiservices
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "before-hook-creation"
rules:
- apiGroups: ["apiregistration.k8s.io"]
resources: ["apiservices"]
Expand Down
3 changes: 3 additions & 0 deletions staging/cert-manager-setup/templates/clusterrolebinding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ kind: ClusterRoleBinding
metadata:
name: read-apiservices-rolebinding
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-install,pre-upgrade
helm.sh/hook-delete-policy: "before-hook-creation"
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
Expand Down
12 changes: 8 additions & 4 deletions staging/cert-manager-setup/templates/issuers.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
{{ if .Values.clusterissuer }}
{{- if .Values.clusterissuers }}
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
Expand Down Expand Up @@ -32,15 +33,18 @@ spec:
usages:
- "digital signature"
- "key encipherment"

---
{{- range .Values.clusterissuers }}
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
name: {{ required "clusterissuer must have a name" .Values.clusterissuer.name }}
name: {{ required "clusterissuer must have a name" .name }}
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-weight": "-2"
"helm.sh/hook-delete-policy": before-hook-creation
spec:
{{ required "clusterissuer must have a spec" .Values.clusterissuer.spec | toYaml | indent 4 }}
{{ end }}
{{ required "clusterissuer must have a spec" .spec | toYaml | indent 4 }}
{{- end }}
{{- end }}
14 changes: 9 additions & 5 deletions staging/cert-manager-setup/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,15 @@
nameOverride: ""
fullnameOverride: ""

clusterissuer: {}
# name: kubernetes-ca
# spec:
# ca:
# secretName: kubernetes-intermediate-ca
clusterissuers: []
# - name: kubernetes-ca
# spec:
# ca:
# secretName: kubernetes-intermediate-ca
# - name: my-ca-1
# spec:
# ca:
# secretName: my-secrete-1

# When installing addons on a cluster that already has cert-manager
# installed with webhook validation enabled this value should be set to
Expand Down

0 comments on commit 65187ab

Please sign in to comment.