From 7defa90cdd64fad84764af9a95bc342760ea1fae Mon Sep 17 00:00:00 2001 From: Krzysztof Pudlowski Date: Fri, 17 Nov 2023 23:06:08 +0100 Subject: [PATCH] adding version 2.0.5 --- charts/adcs-issuer/Chart.yaml | 4 +- charts/adcs-issuer/templates/deployment.yaml | 119 +++++++++++------- .../mutating-webhook-configuration.yaml | 4 +- .../validating-webhook-configuration.yaml | 4 +- .../templates/webhook-service.yaml | 5 +- charts/adcs-issuer/values.yaml | 68 ++++++---- 6 files changed, 127 insertions(+), 77 deletions(-) diff --git a/charts/adcs-issuer/Chart.yaml b/charts/adcs-issuer/Chart.yaml index 24697db..d364d8b 100644 --- a/charts/adcs-issuer/Chart.yaml +++ b/charts/adcs-issuer/Chart.yaml @@ -13,10 +13,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.0.4 +version: 2.0.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "2.0.4" +appVersion: "2.0.5" diff --git a/charts/adcs-issuer/templates/deployment.yaml b/charts/adcs-issuer/templates/deployment.yaml index a91e123..d7ae790 100644 --- a/charts/adcs-issuer/templates/deployment.yaml +++ b/charts/adcs-issuer/templates/deployment.yaml 
@@ -1,46 +1,73 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "chart.fullname" . }}-controller-manager - labels: - control-plane: controller-manager - {{- include "chart.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.controllerManager.replicas }} - selector: - matchLabels: - control-plane: controller-manager - {{- include "chart.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - control-plane: controller-manager - {{- include "chart.selectorLabels" . | nindent 8 }} - spec: - containers: - - args: - - --enable-leader-election - command: - - /manager - env: - - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ .Values.kubernetesClusterDomain }} - image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag - | default .Chart.AppVersion }} - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 - }} - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - terminationGracePeriodSeconds: 10 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert \ No newline at end of file +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.fullname" . }}-controller-manager + labels: + control-plane: controller-manager + {{- include "chart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.controllerManager.replicas }} + selector: + matchLabels: + control-plane: controller-manager + {{- include "chart.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: controller-manager + {{- include "chart.selectorLabels" . 
| nindent 8 }} + spec: + containers: + - args: + - --enable-leader-election=true + - --cluster-resource-namespace=${POD_NAMESPACE} + - --zap-log-level=5 + - --disable-approved-check=false + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ .Values.controllerManager.environment.KUBERNETES_CLUSTER_DOMAIN |quote}} + - name: ENABLE_WEBHOOKS + value: {{ .Values.controllerManager.environment.ENABLE_WEBHOOKS |quote }} + - name: ENABLE_DEBUG + value: {{ .Values.controllerManager.environment.ENABLE_DEBUG |quote }} + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + + image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }} + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + resources: {{- toYaml .Values.controllerManager.manager.resources | nindent 10 }} + volumeMounts: + {{- if .Values.controllerManager.enabledWebHooks }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + {{- end }} + {{- if .Values.controllerManager.enabledCaCerts }} + - mountPath: /etc/ssl/certs/ca-certificates.crt + name: ca-certificates + subPath: ca-certificates.crt + readOnly: true + {{- end }} + terminationGracePeriodSeconds: 10 + volumes: + {{- if .Values.controllerManager.enabledWebHooks }} + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + {{- end }} + + {{- if .Values.controllerManager.enabledCaCerts }} + - name: ca-certificates + secret: + defaultMode: 420 + secretName: {{ .Values.controllerManager.caCertsSecretName| default "ca-certificates" }} + {{- end }} \ No newline at end of file diff --git a/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml b/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml index 886dc5a..e97c594 100644 --- a/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml 
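Review bot: The new argument `--cluster-resource-namespace=${POD_NAMESPACE}` will reach `/manager` as a literal string, because Kubernetes only expands `$(VAR)` references in `args` and the command is not run through a shell. The controller would then be pointed at a namespace that does not exist rather than the release namespace, which is presumably where it looks up issuer credentials. Use `- --cluster-resource-namespace=$(POD_NAMESPACE)`; the `POD_NAMESPACE` fieldRef added in the same hunk already supplies the value. Separately, the `ca-certificates` secret mounted over `/etc/ssl/certs/ca-certificates.crt` replaces the container's whole trust bundle and, being a `subPath` mount, is not refreshed when the secret changes; a template comment saying so would help whoever rotates that CA.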
+++ b/charts/adcs-issuer/templates/mutating-webhook-configuration.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controllerManager.enabledWebHooks }} apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -46,4 +47,5 @@ webhooks: - UPDATE resources: - clusteradcsissuers - sideEffects: None \ No newline at end of file + sideEffects: None +{{- end }} \ No newline at end of file diff --git a/charts/adcs-issuer/templates/validating-webhook-configuration.yaml b/charts/adcs-issuer/templates/validating-webhook-configuration.yaml index fb6af54..168c2d6 100644 --- a/charts/adcs-issuer/templates/validating-webhook-configuration.yaml +++ b/charts/adcs-issuer/templates/validating-webhook-configuration.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controllerManager.enabledWebHooks }} apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: @@ -46,4 +47,5 @@ webhooks: - UPDATE resources: - clusteradcsissuers - sideEffects: None \ No newline at end of file + sideEffects: None +{{- end }} \ No newline at end of file diff --git a/charts/adcs-issuer/templates/webhook-service.yaml b/charts/adcs-issuer/templates/webhook-service.yaml index 82d3451..3764668 100644 --- a/charts/adcs-issuer/templates/webhook-service.yaml +++ b/charts/adcs-issuer/templates/webhook-service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.controllerManager.enabledWebHooks }} apiVersion: v1 kind: Service metadata: @@ -10,4 +11,6 @@ spec: control-plane: controller-manager {{- include "chart.selectorLabels" . | nindent 4 }} ports: - {{- .Values.webhookService.ports | toYaml | nindent 2 -}} \ No newline at end of file + {{- .Values.webhookService.ports | toYaml | nindent 2 -}} + +{{- end }} \ No newline at end of file diff --git a/charts/adcs-issuer/values.yaml b/charts/adcs-issuer/values.yaml index d3a17ab..1a2a618 100644 --- a/charts/adcs-issuer/values.yaml +++ b/charts/adcs-issuer/values.yaml 
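Review bot: The three templates gated here (this MutatingWebhookConfiguration, the ValidatingWebhookConfiguration and the webhook Service) key off `controllerManager.enabledWebHooks`, while the manager is told whether to serve webhooks through a separate `ENABLE_WEBHOOKS` environment value. With the defaults this patch ships (`enabledWebHooks: true`, `ENABLE_WEBHOOKS: "false"`) the API server is configured to call admission webhooks that the manager may not be serving. Depending on the `failurePolicy`, which lies outside these hunks, that either blocks writes to the issuer resources or lets them through unvalidated. Deriving the env var from the same flag in deployment.yaml, e.g. `value: {{ .Values.controllerManager.enabledWebHooks | quote }}`, would keep the two in step.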
@@ -1,26 +1,42 @@ -controllerManager: - manager: - image: - repository: djkormo/adcs-issuer - tag: latest - resources: - limits: - cpu: 100m - memory: 500Mi - requests: - cpu: 100m - memory: 100Mi - replicas: 1 -kubernetesClusterDomain: cluster.local -metricsService: - ports: - - name: https - port: 8443 - targetPort: https - type: ClusterIP -webhookService: - ports: - - port: 443 - targetPort: 9443 - type: ClusterIP - +controllerManager: + manager: + image: + repository: djkormo/adcs-issuer + tag: latest + resources: + limits: + cpu: 100m + memory: 500Mi + requests: + cpu: 100m + memory: 100Mi + + replicas: 1 + + environment: + KUBERNETES_CLUSTER_DOMAIN: cluster.local + ENABLE_WEBHOOKS: "false" + ENABLE_DEBUG: "false" + arguments: + - --enable-leader-election=true + - --cluster-resource-namespace=cert-manager + - --zap-log-level=5 + - --disable-approved-check=false + securityContext: + runAsUser: 1000 + enabledWebHooks: true + enabledCaCerts: true + caCertsSecretName: ca-certificates +metricsService: + enabled: true + ports: + - name: https + port: 8443 + targetPort: https + type: ClusterIP +webhookService: + ports: + - port: 443 + targetPort: 9443 + type: ClusterIP +
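Review bot: `controllerManager.securityContext` (`runAsUser: 1000`) and `controllerManager.arguments` are new values that no template in this patch reads: deployment.yaml hard-codes its `args` and renders no `securityContext`, so an operator who tightens these values gets no change in the running pod. Either render them, for example `securityContext: {{- toYaml .Values.controllerManager.securityContext | nindent 10 }}` on the manager container, or drop them until they are wired up. The `arguments` default also names `--cluster-resource-namespace=cert-manager`, which differs from what the template passes. `tag: latest` is still the default and overrides the `.Chart.AppVersion` fallback, so the 2.0.5 chart does not pin a 2.0.5 image; an empty `tag` would let the fallback apply.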