adding version 2.0.5

djkormo · Nov 17, 2023 · 7defa90 · 7defa90
1 parent 81b4954
commit 7defa90
Show file tree

Hide file tree

Showing 6 changed files with 127 additions and 77 deletions.
diff --git a/charts/adcs-issuer/Chart.yaml b/charts/adcs-issuer/Chart.yaml
@@ -13,10 +13,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.4
+version: 2.0.5
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "2.0.4"
+appVersion: "2.0.5"
 
diff --git a/charts/adcs-issuer/templates/deployment.yaml b/charts/adcs-issuer/templates/deployment.yaml
@@ -1,46 +1,73 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "chart.fullname" . }}-controller-manager
-  labels:
-    control-plane: controller-manager
-  {{- include "chart.labels" . | nindent 4 }}
-spec:
-  replicas: {{ .Values.controllerManager.replicas }}
-  selector:
-    matchLabels:
-      control-plane: controller-manager
-    {{- include "chart.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        control-plane: controller-manager
-      {{- include "chart.selectorLabels" . | nindent 8 }}
-    spec:
-      containers:
-      - args:
-        - --enable-leader-election
-        command:
-        - /manager
-        env:
-        - name: KUBERNETES_CLUSTER_DOMAIN
-          value: {{ .Values.kubernetesClusterDomain }}
-        image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag
-          | default .Chart.AppVersion }}
-        name: manager
-        ports:
-        - containerPort: 9443
-          name: webhook-server
-          protocol: TCP
-        resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10
-          }}
-        volumeMounts:
-        - mountPath: /tmp/k8s-webhook-server/serving-certs
-          name: cert
-          readOnly: true
-      terminationGracePeriodSeconds: 10
-      volumes:
-      - name: cert
-        secret:
-          defaultMode: 420
-          secretName: webhook-server-cert
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "chart.fullname" . }}-controller-manager
+  labels:
+    control-plane: controller-manager
+  {{- include "chart.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.controllerManager.replicas }}
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+    {{- include "chart.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        control-plane: controller-manager
+      {{- include "chart.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+      - args:
+        - --enable-leader-election=true
+        - --cluster-resource-namespace=${POD_NAMESPACE}
+        - --zap-log-level=5
+        - --disable-approved-check=false
+        command:
+        - /manager
+        env:
+        - name: KUBERNETES_CLUSTER_DOMAIN
+          value: {{ .Values.controllerManager.environment.KUBERNETES_CLUSTER_DOMAIN |quote}}
+        - name: ENABLE_WEBHOOKS
+          value: {{ .Values.controllerManager.environment.ENABLE_WEBHOOKS |quote }}
+        - name: ENABLE_DEBUG
+          value: {{ .Values.controllerManager.environment.ENABLE_DEBUG |quote }}
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+
+        image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }}
+        name: manager
+        ports:
+        - containerPort: 9443
+          name: webhook-server
+          protocol: TCP
+        resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 }}
+        volumeMounts:
+         {{- if .Values.controllerManager.enabledWebHooks  }}
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+        {{- end }}  
+        {{- if .Values.controllerManager.enabledCaCerts  }}
+        - mountPath: /etc/ssl/certs/ca-certificates.crt
+          name: ca-certificates
+          subPath: ca-certificates.crt
+          readOnly: true
+        {{- end }}  
+      terminationGracePeriodSeconds: 10
+      volumes:
+      {{- if .Values.controllerManager.enabledWebHooks  }}
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: webhook-server-cert
+      {{- end }}  
+
+      {{- if .Values.controllerManager.enabledCaCerts  }}
+      - name: ca-certificates
+        secret:
+          defaultMode: 420
+          secretName: {{ .Values.controllerManager.caCertsSecretName| default "ca-certificates" }} 
+      {{- end }}  
diff --git a/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml b/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.controllerManager.enabledWebHooks  }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
@@ -46,4 +47,5 @@ webhooks:
     - UPDATE
     resources:
     - clusteradcsissuers
-  sideEffects: None
+  sideEffects: None
+{{- end }}
diff --git a/charts/adcs-issuer/templates/validating-webhook-configuration.yaml b/charts/adcs-issuer/templates/validating-webhook-configuration.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.controllerManager.enabledWebHooks  }}
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
@@ -46,4 +47,5 @@ webhooks:
     - UPDATE
     resources:
     - clusteradcsissuers
-  sideEffects: None
+  sideEffects: None
+{{- end }}
diff --git a/charts/adcs-issuer/templates/webhook-service.yaml b/charts/adcs-issuer/templates/webhook-service.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.controllerManager.enabledWebHooks  }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -10,4 +11,6 @@ spec:
     control-plane: controller-manager
   {{- include "chart.selectorLabels" . | nindent 4 }}
   ports:
-	{{- .Values.webhookService.ports | toYaml | nindent 2 -}}
+	{{- .Values.webhookService.ports | toYaml | nindent 2 -}}
+
+{{- end  }}
diff --git a/charts/adcs-issuer/values.yaml b/charts/adcs-issuer/values.yaml
@@ -1,26 +1,42 @@
-controllerManager:
-  manager:
-    image:
-      repository: djkormo/adcs-issuer
-      tag: latest
-    resources:
-      limits:
-        cpu: 100m
-        memory: 500Mi
-      requests:
-        cpu: 100m
-        memory: 100Mi
-  replicas: 1
-kubernetesClusterDomain: cluster.local
-metricsService:
-  ports:
-  - name: https
-    port: 8443
-    targetPort: https
-  type: ClusterIP
-webhookService:
-  ports:
-  - port: 443
-    targetPort: 9443
-  type: ClusterIP
-
+controllerManager:
+  manager:
+    image:
+      repository: djkormo/adcs-issuer
+      tag: latest
+    resources:
+      limits:
+        cpu: 100m
+        memory: 500Mi
+      requests:
+        cpu: 100m
+        memory: 100Mi
+
+  replicas: 1
+
+  environment:
+    KUBERNETES_CLUSTER_DOMAIN: cluster.local
+    ENABLE_WEBHOOKS: "false"
+    ENABLE_DEBUG: "false"
+  arguments:
+    - --enable-leader-election=true
+    - --cluster-resource-namespace=cert-manager
+    - --zap-log-level=5
+    - --disable-approved-check=false
+  securityContext:
+    runAsUser: 1000
+  enabledWebHooks: true
+  enabledCaCerts: true
+  caCertsSecretName: ca-certificates
+metricsService:
+  enabled: true
+  ports:
+  - name: https
+    port: 8443
+    targetPort: https
+  type: ClusterIP
+webhookService:
+  ports:
+  - port: 443
+    targetPort: 9443
+  type: ClusterIP
+