From 26f5b0c0a5adad128bce5d4e9373748f464fff9e Mon Sep 17 00:00:00 2001 From: Idriss Neumann Date: Tue, 15 Nov 2022 15:53:48 +0100 Subject: [PATCH] feat(certmanager): be able to inject an Issuer or ClusterIssuer ref instead of creating a new one --- charts/mirrors/CHANGELOG.md | 3 +++ charts/mirrors/Chart.yaml | 2 +- charts/mirrors/templates/certmanager.yaml | 9 ++++++++- charts/mirrors/values.yaml | 2 ++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/charts/mirrors/CHANGELOG.md b/charts/mirrors/CHANGELOG.md index 174e40f..6ba78fc 100644 --- a/charts/mirrors/CHANGELOG.md +++ b/charts/mirrors/CHANGELOG.md @@ -1,5 +1,8 @@ # mirrors chart +## 0.1.8 +* Ability to inject an existing Issuer or ClusterIssuer instead of creating a new one + ## 0.1.7 * Use caBundle when certmanager.enabled is false diff --git a/charts/mirrors/Chart.yaml b/charts/mirrors/Chart.yaml index d0c325e..263bd00 100644 --- a/charts/mirrors/Chart.yaml +++ b/charts/mirrors/Chart.yaml @@ -2,6 +2,6 @@ apiVersion: v2 name: mirrors description: mirrors controller type: application -version: 0.1.7 +version: 0.1.8 appVersion: "0.2.5" home: https://github.com/ktsstudio/mirrors diff --git a/charts/mirrors/templates/certmanager.yaml b/charts/mirrors/templates/certmanager.yaml index 34ad276..3685501 100644 --- a/charts/mirrors/templates/certmanager.yaml +++ b/charts/mirrors/templates/certmanager.yaml @@ -1,10 +1,12 @@ {{ if and .Values.webhooks.enabled .Values.webhooks.cert.certmanager.enabled }} +{{ if not (and .Values.webhooks.cert.certmanager.external_issuer .Values.webhooks.cert.certmanager.external_issuer.enabled) }} apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "mirrors.fullname" . }}-selfsigned-issuer spec: selfSigned: {} +{{ end }} --- apiVersion: cert-manager.io/v1 kind: Certificate @@ -15,9 +17,14 @@ spec: - {{ include "mirrors.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc - {{ include "mirrors.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.{{ .Values.webhooks.cert.certmanager.clusterDomain }} issuerRef: + {{ if and .Values.webhooks.cert.certmanager.external_issuer .Values.webhooks.cert.certmanager.external_issuer.enabled }} + kind: {{ default "ClusterIssuer" .Values.webhooks.cert.certmanager.external_issuer.kind }} + name: {{ .Values.webhooks.cert.certmanager.external_issuer.name }} + {{ else }} kind: Issuer name: {{ include "mirrors.fullname" . }}-selfsigned-issuer + {{ end }} secretName: {{ include "mirrors.fullname" . }}-webhook-server-cert duration: {{ .Values.webhooks.cert.certmanager.duration }} renewBefore: {{ .Values.webhooks.cert.certmanager.renewBefore }} -{{ end }} \ No newline at end of file +{{ end }} diff --git a/charts/mirrors/values.yaml b/charts/mirrors/values.yaml index 234856d..f969d7b 100644 --- a/charts/mirrors/values.yaml +++ b/charts/mirrors/values.yaml @@ -93,6 +93,8 @@ webhooks: certmanager: # enables automatic certificate creation via cert-manager enabled: true + external_issuer: + enabled: false # clusterDomain is used to specify correctly a DNS for automatic certificate generation clusterDomain: cluster.local