move certmanager-netcup

Philip Haupt
2025-11-09 15:44:08 +01:00
parent 78aaf8be1e
commit 69af137e5e
7 changed files with 324 additions and 338 deletions


@@ -1,5 +0,0 @@
# cert-manager webhook netcup
<https://github.com/aellwein/cert-manager-webhook-netcup>
das RoleBinding in rb.yaml muss manuell applyt werden.


@@ -1,7 +0,0 @@
# argocd/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- main.yaml


@@ -1,315 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cert-manager-webhook-netcup:secret-reader
namespace: cert-manager
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:domain-solver
rules:
- apiGroups:
- com.netcup.webhook
resources:
- '*'
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:flowcontrol
rules:
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- flowschemas
- prioritylevelconfigurations
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cert-manager-webhook-netcup:secret-reader
namespace: cert-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager-webhook-netcup:secret-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:webhook-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:domain-solver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook-netcup:domain-solver
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:flowcontrol
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook-netcup:flowcontrol
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: v1
kind: Service
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
spec:
replicas: null
selector:
matchLabels:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
template:
metadata:
labels:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
spec:
containers:
- args:
- --tls-cert-file=/tls/tls.crt
- --tls-private-key-file=/tls/tls.key
env:
- name: GROUP_NAME
value: com.netcup.webhook
image: ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.34
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
name: cert-manager-webhook-netcup
ports:
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
resources: {}
volumeMounts:
- mountPath: /tls
name: certs
readOnly: true
serviceAccountName: cert-manager-webhook-netcup
volumes:
- name: certs
secret:
secretName: cert-manager-webhook-netcup-webhook-tls
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: cert-manager/cert-manager-webhook-netcup-webhook-tls
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: v1alpha1.com.netcup.webhook
spec:
group: com.netcup.webhook
groupPriorityMinimum: 1000
service:
name: cert-manager-webhook-netcup
namespace: cert-manager
version: v1alpha1
versionPriority: 15
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-ca
namespace: cert-manager
spec:
commonName: ca.cert-manager-webhook-netcup.cert-manager
duration: 43800h
isCA: true
issuerRef:
name: cert-manager-webhook-netcup-selfsign
secretName: cert-manager-webhook-netcup-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-webhook-tls
namespace: cert-manager
spec:
dnsNames:
- cert-manager-webhook-netcup
- cert-manager-webhook-netcup.cert-manager
- cert-manager-webhook-netcup.cert-manager.svc
duration: 8760h
issuerRef:
name: cert-manager-webhook-netcup-ca
secretName: cert-manager-webhook-netcup-webhook-tls
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-ca
namespace: cert-manager
spec:
ca:
secretName: cert-manager-webhook-netcup-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-selfsign
namespace: cert-manager
spec:
selfSigned: {}


@@ -1,11 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
- name: cert-manager-webhook-netcup
repo: https://aellwein.github.io/cert-manager-webhook-netcup/charts/
version: 1.0.34
releaseName: cert-manager-webhook-netcup
namespace: cert-manager
valuesFile: values.yaml


@@ -13141,6 +13141,17 @@ metadata:
name: cert-manager-webhook
namespace: cert-manager
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -13223,6 +13234,20 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: cert-manager-webhook-netcup:secret-reader
namespace: cert-manager
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: webhook
@@ -13942,6 +13967,43 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:domain-solver
rules:
- apiGroups:
- com.netcup.webhook
resources:
- '*'
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:flowcontrol
rules:
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- flowschemas
- prioritylevelconfigurations
verbs:
- list
- watch
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: webhook
@@ -14032,6 +14094,21 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: cert-manager-webhook-netcup:secret-reader
namespace: cert-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager-webhook-netcup:secret-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: webhook
@@ -14075,6 +14152,26 @@ subjects:
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:webhook-authentication-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
@@ -14265,6 +14362,63 @@ subjects:
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:domain-solver
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook-netcup:domain-solver
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup:flowcontrol
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook-netcup:flowcontrol
subjects:
- apiGroup: ""
kind: ServiceAccount
name: cert-manager-webhook-netcup
namespace: cert-manager
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: webhook
@@ -14362,6 +14516,27 @@ spec:
app.kubernetes.io/name: webhook
type: ClusterIP
---
apiVersion: v1
kind: Service
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -14607,6 +14782,83 @@ spec:
type: RuntimeDefault
serviceAccountName: cert-manager-webhook
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup
namespace: cert-manager
spec:
replicas: null
selector:
matchLabels:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
template:
metadata:
labels:
app: cert-manager-webhook-netcup
release: cert-manager-webhook-netcup
spec:
containers:
- args:
- --tls-cert-file=/tls/tls.crt
- --tls-private-key-file=/tls/tls.key
env:
- name: GROUP_NAME
value: com.netcup.webhook
image: ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.34
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
name: cert-manager-webhook-netcup
ports:
- containerPort: 443
name: https
protocol: TCP
readinessProbe:
httpGet:
path: /healthz
port: https
scheme: HTTPS
resources: {}
volumeMounts:
- mountPath: /tls
name: certs
readOnly: true
serviceAccountName: cert-manager-webhook-netcup
volumes:
- name: certs
secret:
secretName: cert-manager-webhook-netcup-webhook-tls
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
cert-manager.io/inject-ca-from: cert-manager/cert-manager-webhook-netcup-webhook-tls
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: v1alpha1.com.netcup.webhook
spec:
group: com.netcup.webhook
groupPriorityMinimum: 1000
service:
name: cert-manager-webhook-netcup
namespace: cert-manager
version: v1alpha1
versionPriority: 15
---
apiVersion: batch/v1
kind: Job
metadata:
@@ -14667,6 +14919,71 @@ spec:
type: RuntimeDefault
serviceAccountName: cert-manager-startupapicheck
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-ca
namespace: cert-manager
spec:
commonName: ca.cert-manager-webhook-netcup.cert-manager
duration: 43800h
isCA: true
issuerRef:
name: cert-manager-webhook-netcup-selfsign
secretName: cert-manager-webhook-netcup-ca
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-webhook-tls
namespace: cert-manager
spec:
dnsNames:
- cert-manager-webhook-netcup
- cert-manager-webhook-netcup.cert-manager
- cert-manager-webhook-netcup.cert-manager.svc
duration: 8760h
issuerRef:
name: cert-manager-webhook-netcup-ca
secretName: cert-manager-webhook-netcup-webhook-tls
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-ca
namespace: cert-manager
spec:
ca:
secretName: cert-manager-webhook-netcup-ca
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app: cert-manager-webhook-netcup
chart: cert-manager-webhook-netcup-1.0.34
heritage: Helm
release: cert-manager-webhook-netcup
name: cert-manager-webhook-netcup-selfsign
namespace: cert-manager
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:


@@ -9,3 +9,10 @@ helmCharts:
releaseName: cert-manager
namespace: cert-manager
valuesFile: values.yaml
- name: cert-manager-webhook-netcup
repo: https://aellwein.github.io/cert-manager-webhook-netcup/charts/
version: 1.0.34
releaseName: cert-manager-webhook-netcup
namespace: cert-manager
valuesFile: values-netcup.yaml
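Review bot: The chart entry added here renders a Deployment (`cert-manager-webhook-netcup` in the generated manifest) with `resources: {}` and no `securityContext` at pod or container level, while the neighbouring cert-manager workloads in the same render carry `type: RuntimeDefault` (presumably their seccomp profile). This pod serves an aggregated API, and its service account is bound to `system:auth-delegator` and to a Role with `get`/`watch` on all secrets in the `cert-manager` namespace, so it deserves the same hardening. Through `values-netcup.yaml` if the chart exposes it, otherwise through a kustomize patch, set `allowPrivilegeEscalation: false`, `seccompProfile: {type: RuntimeDefault}` and explicit resource requests and limits. The image is also referenced by tag only (`ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.34`); pinning it by digest would make the deployed image verifiable. `values-netcup.yaml` is not visible in this commit, so some of this may already be configured there, although the rendered Deployment suggests it is not.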