clean cert-manager

certmanager/src/ca.yaml

@@ -1,7 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: ca-issuer
-spec:
-  ca:
-    secretName: ca-key-pair

certmanager/src/charts/cert-manager-1.17.0/cert-manager/Chart.yaml

@@ -1,26 +0,0 @@
-annotations:
-  artifacthub.io/category: security
-  artifacthub.io/license: Apache-2.0
-  artifacthub.io/prerelease: "false"
-  artifacthub.io/signKey: |
-    fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E
-    url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg
-apiVersion: v2
-appVersion: v1.17.0
-description: A Helm chart for cert-manager
-home: https://cert-manager.io
-icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png
-keywords:
-- cert-manager
-- kube-lego
-- letsencrypt
-- tls
-kubeVersion: '>= 1.22.0-0'
-maintainers:
-- email: cert-manager-maintainers@googlegroups.com
-  name: cert-manager-maintainers
-  url: https://cert-manager.io
-name: cert-manager
-sources:
-- https://github.com/cert-manager/cert-manager
-version: v1.17.0

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/NOTES.txt

@@ -1,18 +0,0 @@
-{{- if .Values.installCRDs }}
-⚠️  WARNING: `installCRDs` is deprecated, use `crds.enabled` instead.
-{{- end }}
-cert-manager {{ .Chart.AppVersion }} has been deployed successfully!
-
-In order to begin issuing certificates, you will need to set up a ClusterIssuer
-or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).
-
-More information on the different types of issuers and how to configure them
-can be found in our documentation:
-
-https://cert-manager.io/docs/configuration/
-
-For information on how to configure cert-manager to automatically provision
-Certificates for Ingress resources, take a look at the `ingress-shim`
-documentation:
-
-https://cert-manager.io/docs/usage/ingress/

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/_helpers.tpl

@@ -1,202 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "cert-manager.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-*/}}
-{{- define "cert-manager.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cert-manager.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Webhook templates
-*/}}
-
-{{/*
-Expand the name of the chart.
-Manually fix the 'app' and 'name' labels to 'webhook' to maintain
-compatibility with the v0.9 deployment selector.
-*/}}
-{{- define "webhook.name" -}}
-{{- printf "webhook" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "webhook.fullname" -}}
-{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 55 | trimSuffix "-" -}}
-{{- printf "%s-webhook" $trimmedName | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{- define "webhook.caRef" -}}
-{{- template "cert-manager.namespace" }}/{{ template "webhook.fullname" . }}-ca
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "webhook.serviceAccountName" -}}
-{{- if .Values.webhook.serviceAccount.create -}}
-    {{ default (include "webhook.fullname" .) .Values.webhook.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.webhook.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-cainjector templates
-*/}}
-
-{{/*
-Expand the name of the chart.
-Manually fix the 'app' and 'name' labels to 'cainjector' to maintain
-compatibility with the v0.9 deployment selector.
-*/}}
-{{- define "cainjector.name" -}}
-{{- printf "cainjector" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "cainjector.fullname" -}}
-{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
-{{- printf "%s-cainjector" $trimmedName | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "cainjector.serviceAccountName" -}}
-{{- if .Values.cainjector.serviceAccount.create -}}
-    {{ default (include "cainjector.fullname" .) .Values.cainjector.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.cainjector.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-startupapicheck templates
-*/}}
-
-{{/*
-Expand the name of the chart.
-Manually fix the 'app' and 'name' labels to 'startupapicheck' to maintain
-compatibility with the v0.9 deployment selector.
-*/}}
-{{- define "startupapicheck.name" -}}
-{{- printf "startupapicheck" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "startupapicheck.fullname" -}}
-{{- $trimmedName := printf "%s" (include "cert-manager.fullname" .) | trunc 52 | trimSuffix "-" -}}
-{{- printf "%s-startupapicheck" $trimmedName | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "startupapicheck.serviceAccountName" -}}
-{{- if .Values.startupapicheck.serviceAccount.create -}}
-    {{ default (include "startupapicheck.fullname" .) .Values.startupapicheck.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.startupapicheck.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "chartName" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Labels that should be added on each resource
-*/}}
-{{- define "labels" -}}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- if eq .Values.creator "helm" }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-helm.sh/chart: {{ include "chartName" . }}
-{{- end -}}
-{{- if .Values.global.commonLabels}}
-{{ toYaml .Values.global.commonLabels }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Namespace for all resources to be installed into
-If not defined in values file then the helm release namespace is used
-By default this is not set so the helm release namespace will be used
-
-This gets around an problem within helm discussed here
-https://github.com/helm/helm/issues/5358
-*/}}
-{{- define "cert-manager.namespace" -}}
-    {{ .Values.namespace | default .Release.Namespace }}
-{{- end -}}
-
-{{/*
-Util function for generating the image URL based on the provided options.
-IMPORTANT: This function is standardized across all charts in the cert-manager GH organization.
-Any changes to this function should also be made in cert-manager, trust-manager, approver-policy, ...
-See https://github.com/cert-manager/cert-manager/issues/6329 for a list of linked PRs.
-*/}}
-{{- define "image" -}}
-{{- $defaultTag := index . 1 -}}
-{{- with index . 0 -}}
-{{- if .registry -}}{{ printf "%s/%s" .registry .repository }}{{- else -}}{{- .repository -}}{{- end -}}
-{{- if .digest -}}{{ printf "@%s" .digest }}{{- else -}}{{ printf ":%s" (default $defaultTag .tag) }}{{- end -}}
-{{- end }}
-{{- end }}
-
-{{/*
-Check that the user has not set both .installCRDs and .crds.enabled or
-set .installCRDs and disabled .crds.keep.
-.installCRDs is deprecated and users should use .crds.enabled and .crds.keep instead.
-*/}}
-{{- define "cert-manager.crd-check" -}}
-  {{- if and (.Values.installCRDs) (.Values.crds.enabled) }}
-    {{- fail "ERROR: the deprecated .installCRDs option cannot be enabled at the same time as its replacement .crds.enabled" }}
-  {{- end }}
-  {{- if and (.Values.installCRDs) (not .Values.crds.keep) }}
-    {{- fail "ERROR: .crds.keep is not compatible with .installCRDs, please use .crds.enabled and .crds.keep instead" }}
-  {{- end }}
-{{- end -}}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-config.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.cainjector.config -}}
-{{- $config := .Values.cainjector.config -}}
-{{- $_ := set $config "apiVersion" (default "cainjector.config.cert-manager.io/v1alpha1" $config.apiVersion) -}}
-{{- $_ := set $config "kind" (default "CAInjectorConfiguration" $config.kind) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "cainjector.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-data:
-  config.yaml: |
-    {{- $config | toYaml | nindent 4 }}
-{{- end -}}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-deployment.yaml

@@ -1,166 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "cainjector.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.cainjector.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.cainjector.replicaCount }}
-  {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-  {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "cainjector.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "cainjector"
-  {{- with .Values.cainjector.strategy }}
-  strategy:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "cainjector.name" . }}
-        app.kubernetes.io/name: {{ include "cainjector.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: "cainjector"
-        {{- include "labels" . | nindent 8 }}
-        {{- with .Values.cainjector.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.cainjector.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if and .Values.prometheus.enabled (not (or .Values.prometheus.servicemonitor.enabled .Values.prometheus.podmonitor.enabled)) }}
-      {{- if not .Values.cainjector.podAnnotations }}
-      annotations:
-      {{- end }}
-        prometheus.io/path: "/metrics"
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
-      {{- end }}
-    spec:
-      {{- if not .Values.cainjector.serviceAccount.create }}
-      {{- with .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- end }}
-      serviceAccountName: {{ template "cainjector.serviceAccountName" . }}
-      {{- if hasKey .Values.cainjector "automountServiceAccountToken" }}
-      automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }}
-      {{- end }}
-      enableServiceLinks: {{ .Values.cainjector.enableServiceLinks }}
-      {{- with .Values.global.priorityClassName }}
-      priorityClassName: {{ . | quote }}
-      {{- end }}
-      {{- with .Values.cainjector.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}-cainjector
-          image: "{{ template "image" (tuple .Values.cainjector.image $.Chart.AppVersion) }}"
-          imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }}
-          args:
-          {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-          {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }}
-          - --v={{ .Values.global.logLevel }}
-          {{- end }}
-          {{- if .Values.cainjector.config }}
-          - --config=/var/cert-manager/config/config.yaml
-          {{- end }}
-          {{- with .Values.global.leaderElection }}
-          - --leader-election-namespace={{ .namespace }}
-          {{- if .leaseDuration }}
-          - --leader-election-lease-duration={{ .leaseDuration }}
-          {{- end }}
-          {{- if .renewDeadline }}
-          - --leader-election-renew-deadline={{ .renewDeadline }}
-          {{- end }}
-          {{- if .retryPeriod }}
-          - --leader-election-retry-period={{ .retryPeriod }}
-          {{- end }}
-          {{- end }}
-          {{- with .Values.cainjector.featureGates}}
-          - --feature-gates={{ . }}
-          {{- end}}
-          {{- with .Values.cainjector.extraArgs }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if not .Values.prometheus.enabled }}
-          - --metrics-listen-address=0
-          {{- end }}
-          {{- if .Values.prometheus.enabled }}
-          ports:
-          - containerPort: 9402
-            name: http-metrics
-            protocol: TCP
-          {{- end }}
-          env:
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          {{- with .Values.cainjector.extraEnv }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.cainjector.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.cainjector.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.cainjector.config .Values.cainjector.volumeMounts }}
-          volumeMounts:
-            {{- if .Values.cainjector.config }}
-            - name: config
-              mountPath: /var/cert-manager/config
-            {{- end }}
-            {{- with .Values.cainjector.volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-          {{- end }}
-      {{- with .Values.cainjector.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.cainjector.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.cainjector.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with  .Values.cainjector.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if or .Values.cainjector.volumes .Values.cainjector.config }}
-      volumes:
-        {{- if .Values.cainjector.config }}
-        - name: config
-          configMap:
-            name: {{ include "cainjector.fullname" . }}
-        {{- end }}
-        {{ with .Values.cainjector.volumes }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-poddisruptionbudget.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.cainjector.podDisruptionBudget.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "cainjector.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "cainjector.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "cainjector"
-
-  {{- if not (or (hasKey .Values.cainjector.podDisruptionBudget "minAvailable") (hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable")) }}
-  minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
-  {{- end }}
-  {{- if hasKey .Values.cainjector.podDisruptionBudget "minAvailable" }}
-  minAvailable: {{ .Values.cainjector.podDisruptionBudget.minAvailable }}
-  {{- end }}
-  {{- if hasKey .Values.cainjector.podDisruptionBudget "maxUnavailable" }}
-  maxUnavailable: {{ .Values.cainjector.podDisruptionBudget.maxUnavailable }}
-  {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-psp-clusterrole.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "cainjector.fullname" . }}-psp
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-rules:
-- apiGroups: ['policy']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "cainjector.fullname" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-psp-clusterrolebinding.yaml

@@ -1,22 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cainjector.fullname" . }}-psp
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cainjector.fullname" . }}-psp
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cainjector.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-psp.yaml

@@ -1,51 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "cainjector.fullname" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
-    {{- if .Values.global.podSecurityPolicy.useAppArmor }}
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    {{- end }}
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []  # default set of capabilities are implicitly allowed
-  volumes:
-  - 'configMap'
-  - 'emptyDir'
-  - 'projected'
-  - 'secret'
-  - 'downwardAPI'
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-rbac.yaml

@@ -1,156 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if .Values.global.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cainjector.fullname" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["get", "create", "update", "patch"]
-  - apiGroups: ["admissionregistration.k8s.io"]
-    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
-    verbs: ["get", "list", "watch", "update", "patch"]
-  - apiGroups: ["apiregistration.k8s.io"]
-    resources: ["apiservices"]
-    verbs: ["get", "list", "watch", "update", "patch"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ["get", "list", "watch", "update", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cainjector.fullname" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cainjector.fullname" . }}
-subjects:
-  - name: {{ template "cainjector.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-# leader election rules
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "cainjector.fullname" . }}:leaderelection
-  namespace: {{ .Values.global.leaderElection.namespace }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  # Used for leader election by the controller
-  # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
-  #   see cmd/cainjector/start.go#L113
-  # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
-  #   see cmd/cainjector/start.go#L137
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
-    verbs: ["get", "update", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["create"]
-
----
-
-# grant cert-manager permission to manage the leaderelection configmap in the
-# leader election namespace
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "cainjector.fullname" . }}:leaderelection
-  namespace: {{ .Values.global.leaderElection.namespace }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "cainjector.fullname" . }}:leaderelection
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cainjector.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-{{- end }}
-{{- $certmanagerNamespace := include "cert-manager.namespace" . }}
-{{- if (.Values.cainjector.config.metricsTLSConfig).dynamic }}
-{{- if $certmanagerNamespace | eq .Values.cainjector.config.metricsTLSConfig.dynamic.secretNamespace }}
-
----
-
-# Metrics server dynamic TLS serving certificate rules
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "cainjector.fullname" . }}:dynamic-serving
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: [""]
-    resources: ["secrets"]
-    resourceNames:
-    # Allow cainjector to read and update the metrics CA Secret when dynamic TLS is
-    # enabled for the metrics server and if the Secret is configured to be in the
-    # same namespace as cert-manager.
-    - {{ .Values.cainjector.config.metricsTLSConfig.dynamic.secretName | quote }}
-    verbs: ["get", "list", "watch", "update"]
-  # It's not possible to grant CREATE permission on a single resourceName.
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "cainjector.fullname" . }}:dynamic-serving
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "cainjector.fullname" . }}:dynamic-serving
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cainjector.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-service.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "cainjector.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- with .Values.cainjector.serviceAnnotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.cainjector.serviceLabels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  type: ClusterIP
-  ports:
-  - protocol: TCP
-    port: 9402
-    name: http-metrics
-  selector:
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/cainjector-serviceaccount.yaml

@@ -1,27 +0,0 @@
-{{- if .Values.cainjector.enabled }}
-{{- if .Values.cainjector.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.cainjector.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ template "cainjector.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  {{- with .Values.cainjector.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  labels:
-    app: {{ include "cainjector.name" . }}
-    app.kubernetes.io/name: {{ include "cainjector.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cainjector"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.cainjector.serviceAccount.labels }}
-      {{ toYaml . | nindent 4 }}
-    {{- end }}
-{{- with .Values.global.imagePullSecrets }}
-imagePullSecrets:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/controller-config.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.config -}}
-{{- $config := .Values.config -}}
-{{- $_ := set $config "apiVersion" (default "controller.config.cert-manager.io/v1alpha1" $config.apiVersion) -}}
-{{- $_ := set $config "kind" (default "ControllerConfiguration" $config.kind) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "cert-manager.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-data:
-  config.yaml: |
-    {{- $config | toYaml | nindent 4 }}
-{{- end -}}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/deployment.yaml

@@ -1,237 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ template "cert-manager.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ template "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ template "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-  {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ template "cert-manager.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "controller"
-  {{- with .Values.strategy }}
-  strategy:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "cert-manager.name" . }}
-        app.kubernetes.io/name: {{ template "cert-manager.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: "controller"
-        {{- include "labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if and .Values.prometheus.enabled (not (or .Values.prometheus.servicemonitor.enabled .Values.prometheus.podmonitor.enabled)) }}
-      {{- if not .Values.podAnnotations }}
-      annotations:
-      {{- end }}
-        prometheus.io/path: "/metrics"
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
-      {{- end }}
-    spec:
-      {{- if not .Values.serviceAccount.create }}
-      {{- with .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- end }}
-      serviceAccountName: {{ template "cert-manager.serviceAccountName" . }}
-      {{- if hasKey .Values "automountServiceAccountToken" }}
-      automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
-      {{- end }}
-      enableServiceLinks: {{ .Values.enableServiceLinks }}
-      {{- with .Values.global.priorityClassName }}
-      priorityClassName: {{ . | quote }}
-      {{- end }}
-      {{- with .Values.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if or .Values.volumes .Values.config}}
-      volumes:
-        {{- if .Values.config }}
-        - name: config 
-          configMap: 
-            name: {{ include "cert-manager.fullname" . }}
-        {{- end }}
-        {{ with .Values.volumes }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}-controller
-          image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-          {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-          {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }}
-          - --v={{ .Values.global.logLevel }}
-          {{- end }}
-          {{- if .Values.config }}
-          - --config=/var/cert-manager/config/config.yaml
-          {{- end }}
-          {{- $config := default .Values.config "" }}
-          {{- if .Values.clusterResourceNamespace }}
-          - --cluster-resource-namespace={{ .Values.clusterResourceNamespace }}
-          {{- else }}
-          - --cluster-resource-namespace=$(POD_NAMESPACE)
-          {{- end }}
-          {{- with .Values.global.leaderElection }}
-          - --leader-election-namespace={{ .namespace }}
-          {{- if .leaseDuration }}
-          - --leader-election-lease-duration={{ .leaseDuration }}
-          {{- end }}
-          {{- if .renewDeadline }}
-          - --leader-election-renew-deadline={{ .renewDeadline }}
-          {{- end }}
-          {{- if .retryPeriod }}
-          - --leader-election-retry-period={{ .retryPeriod }}
-          {{- end }}
-          {{- end }}
-          {{- with .Values.acmesolver.image }}
-          - --acme-http01-solver-image={{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}
-          {{- end }}
-          {{- with .Values.extraArgs }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.ingressShim }}
-          {{- if .defaultIssuerName }}
-          - --default-issuer-name={{ .defaultIssuerName }}
-          {{- end }}
-          {{- if .defaultIssuerKind }}
-          - --default-issuer-kind={{ .defaultIssuerKind }}
-          {{- end }}
-          {{- if .defaultIssuerGroup }}
-          - --default-issuer-group={{ .defaultIssuerGroup }}
-          {{- end }}
-          {{- end }}
-          {{- if .Values.featureGates }}
-          - --feature-gates={{ .Values.featureGates }}
-          {{- end }}
-          {{- if .Values.maxConcurrentChallenges }}
-          - --max-concurrent-challenges={{ .Values.maxConcurrentChallenges }}
-          {{- end }}
-          {{- if .Values.enableCertificateOwnerRef }}
-          - --enable-certificate-owner-ref=true
-          {{- end }}
-          {{- if .Values.dns01RecursiveNameserversOnly }}
-          - --dns01-recursive-nameservers-only=true
-          {{- end }}
-          {{- with .Values.dns01RecursiveNameservers }}
-          - --dns01-recursive-nameservers={{ . }}
-          {{- end }}
-          {{- if .Values.disableAutoApproval }}
-          - --controllers=-certificaterequests-approver
-          {{- end }}
-          ports:
-          - containerPort: 9402
-            name: http-metrics
-            protocol: TCP
-          - containerPort: 9403
-            name: http-healthz
-            protocol: TCP
-          {{- with .Values.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.config .Values.volumeMounts }}
-          volumeMounts:
-            {{- if .Values.config }}
-            - name: config 
-              mountPath: /var/cert-manager/config
-            {{- end }}
-            {{- with .Values.volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-          {{- end }}
-          env:
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          {{- with .Values.extraEnv }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.http_proxy }}
-          - name: HTTP_PROXY
-            value: {{ . }}
-          {{- end }}
-          {{- with .Values.https_proxy }}
-          - name: HTTPS_PROXY
-            value: {{ . }}
-          {{- end }}
-          {{- with .Values.no_proxy }}
-          - name: NO_PROXY
-            value: {{ . }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-
-          {{- with .Values.livenessProbe }}
-          {{- if .enabled }}
-          # LivenessProbe settings are based on those used for the Kubernetes
-          # controller-manager. See:
-          # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245
-          livenessProbe:
-            httpGet:
-              port: http-healthz
-              path: /livez
-              scheme: HTTP
-            initialDelaySeconds: {{ .initialDelaySeconds }}
-            periodSeconds: {{ .periodSeconds }}
-            timeoutSeconds: {{ .timeoutSeconds }}
-            successThreshold: {{ .successThreshold }}
-            failureThreshold: {{ .failureThreshold }}
-          {{- end }}
-          {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with  .Values.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.podDnsPolicy }}
-      dnsPolicy: {{ . }}
-      {{- end }}
-      {{- with .Values.podDnsConfig }}
-      dnsConfig:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.hostAliases }}
-      hostAliases: {{ toYaml . | nindent 8 }}
-      {{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/extras-objects.yaml

@@ -1,4 +0,0 @@
-{{ range .Values.extraObjects }}
----
-{{ tpl . $ }}
-{{ end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/networkpolicy-egress.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.webhook.networkPolicy.enabled }}
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ template "webhook.fullname" . }}-allow-egress
-  namespace: {{ include "cert-manager.namespace" . }}
-spec:
-  egress:
-    {{- with .Values.webhook.networkPolicy.egress }}
-      {{- toYaml . | nindent 2 }}
-    {{- end }}
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "webhook.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "webhook"
-  policyTypes:
-  - Egress
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/networkpolicy-webhooks.yaml

@@ -1,21 +0,0 @@
-{{- if .Values.webhook.networkPolicy.enabled }}
-
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
-  name: {{ template "webhook.fullname" . }}-allow-ingress
-  namespace: {{ include "cert-manager.namespace" . }}
-spec:
-  ingress:
-    {{- with .Values.webhook.networkPolicy.ingress }}
-      {{- toYaml . | nindent 2 }}
-    {{- end }}
-  podSelector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "webhook.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "webhook"
-  policyTypes:
-  - Ingress
-
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/poddisruptionbudget.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.podDisruptionBudget.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "cert-manager.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "controller"
-
-  {{- if not (or (hasKey .Values.podDisruptionBudget "minAvailable") (hasKey .Values.podDisruptionBudget "maxUnavailable")) }}
-  minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
-  {{- end }}
-  {{- if hasKey .Values.podDisruptionBudget "minAvailable" }}
-  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
-  {{- end }}
-  {{- if hasKey .Values.podDisruptionBudget "maxUnavailable" }}
-  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
-  {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/podmonitor.yaml

@@ -1,63 +0,0 @@
-{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }}
-{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }}
-{{- else if and .Values.prometheus.enabled .Values.prometheus.podmonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: {{ template "cert-manager.fullname" . }}
-{{- if .Values.prometheus.podmonitor.namespace }}
-  namespace: {{ .Values.prometheus.podmonitor.namespace }}
-{{- else }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    prometheus: {{ .Values.prometheus.podmonitor.prometheusInstance }}
-    {{- with .Values.prometheus.podmonitor.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- if .Values.prometheus.podmonitor.annotations }}
-  annotations:
-    {{- with .Values.prometheus.podmonitor.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}
-spec:
-  jobLabel: {{ template "cert-manager.fullname" . }}
-  selector:
-    matchExpressions:
-      - key: app.kubernetes.io/name
-        operator: In
-        values:
-        - {{ include "cainjector.name" . }}
-        - {{ template "cert-manager.name" . }}
-        - {{ include "webhook.name" . }}
-      - key: app.kubernetes.io/instance
-        operator: In
-        values:
-        - {{ .Release.Name }}
-      - key: app.kubernetes.io/component
-        operator: In
-        values:
-        - cainjector
-        - controller
-        - webhook
-{{- if .Values.prometheus.podmonitor.namespace }}
-  namespaceSelector:
-    matchNames:
-      - {{ include "cert-manager.namespace" . }}
-{{- end }}
-  podMetricsEndpoints:
-    - port: http-metrics
-      path: {{ .Values.prometheus.podmonitor.path }}
-      interval: {{ .Values.prometheus.podmonitor.interval }}
-      scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }}
-      honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }}
-      {{- with .Values.prometheus.podmonitor.endpointAdditionalProperties }}
-      {{- toYaml . | nindent 6 }}
-      {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/psp-clusterrole.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-psp
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-- apiGroups: ['policy']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "cert-manager.fullname" . }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/psp-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-psp
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-psp
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/psp.yaml

@@ -1,49 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "cert-manager.fullname" . }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
-    {{- if .Values.global.podSecurityPolicy.useAppArmor }}
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    {{- end }}
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []  # default set of capabilities are implicitly allowed
-  volumes:
-  - 'configMap'
-  - 'emptyDir'
-  - 'projected'
-  - 'secret'
-  - 'downwardAPI'
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/rbac.yaml

@@ -1,617 +0,0 @@
-{{- if .Values.global.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "cert-manager.fullname" . }}:leaderelection
-  namespace: {{ .Values.global.leaderElection.namespace }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    resourceNames: ["cert-manager-controller"]
-    verbs: ["get", "update", "patch"]
-  - apiGroups: ["coordination.k8s.io"]
-    resources: ["leases"]
-    verbs: ["create"]
-
----
-
-# grant cert-manager permission to manage the leaderelection configmap in the
-# leader election namespace
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "cert-manager.fullname" . }}:leaderelection
-  namespace: {{ .Values.global.leaderElection.namespace }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "cert-manager.fullname" . }}:leaderelection
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-
----
-
-{{- if .Values.serviceAccount.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "cert-manager.serviceAccountName" . }}-tokenrequest
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: [""]
-    resources: ["serviceaccounts/token"]
-    resourceNames: ["{{ template "cert-manager.serviceAccountName" . }}"]
-    verbs: ["create"]
-
----
-
-# grant cert-manager permission to create tokens for the serviceaccount
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "cert-manager.fullname" . }}-{{ template "cert-manager.serviceAccountName" .  }}-tokenrequest
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "cert-manager.serviceAccountName" . }}-tokenrequest
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-
----
-
-# Issuer controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-issuers
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["issuers", "issuers/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["issuers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch", "create", "update", "delete"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
----
-
-# ClusterIssuer controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["clusterissuers", "clusterissuers/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["clusterissuers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch", "create", "update", "delete"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-
----
-
-# Certificates controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-certificates
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
-    verbs: ["get", "list", "watch"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates/finalizers", "certificaterequests/finalizers"]
-    verbs: ["update"]
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["orders"]
-    verbs: ["create", "delete", "get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-
----
-
-# Orders controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-orders
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["orders", "orders/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["orders", "challenges"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["clusterissuers", "issuers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges"]
-    verbs: ["create", "delete"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["orders/finalizers"]
-    verbs: ["update"]
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-
----
-
-# Challenges controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-challenges
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  # Use to update challenge resource status
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges", "challenges/status"]
-    verbs: ["update", "patch"]
-  # Used to watch challenge resources
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges"]
-    verbs: ["get", "list", "watch"]
-  # Used to watch challenges, issuer and clusterissuer resources
-  - apiGroups: ["cert-manager.io"]
-    resources: ["issuers", "clusterissuers"]
-    verbs: ["get", "list", "watch"]
-  # Need to be able to retrieve ACME account private key to complete challenges
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
-  # Used to create events
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-  # HTTP01 rules
-  - apiGroups: [""]
-    resources: ["pods", "services"]
-    verbs: ["get", "list", "watch", "create", "delete"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch", "create", "delete", "update"]
-  - apiGroups: [ "gateway.networking.k8s.io" ]
-    resources: [ "httproutes" ]
-    verbs: ["get", "list", "watch", "create", "delete", "update"]
-  # We require the ability to specify a custom hostname when we are creating
-  # new ingress resources.
-  # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
-  - apiGroups: ["route.openshift.io"]
-    resources: ["routes/custom-host"]
-    verbs: ["create"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges/finalizers"]
-    verbs: ["update"]
-  # DNS01 rules (duplicated above)
-  - apiGroups: [""]
-    resources: ["secrets"]
-    verbs: ["get", "list", "watch"]
-
----
-
-# ingress-shim controller role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests"]
-    verbs: ["create", "update", "delete"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses"]
-    verbs: ["get", "list", "watch"]
-  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
-  # admission controller enabled:
-  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
-  - apiGroups: ["networking.k8s.io"]
-    resources: ["ingresses/finalizers"]
-    verbs: ["update"]
-  - apiGroups: ["gateway.networking.k8s.io"]
-    resources: ["gateways", "httproutes"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["gateway.networking.k8s.io"]
-    resources: ["gateways/finalizers", "httproutes/finalizers"]
-    verbs: ["update"]
-  - apiGroups: [""]
-    resources: ["events"]
-    verbs: ["create", "patch"]
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-issuers
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-issuers
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-clusterissuers
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-certificates
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-certificates
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-orders
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-orders
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-challenges
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-challenges
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-ingress-shim
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
-{{- if .Values.global.rbac.aggregateClusterRoles }}
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-cluster-view
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["clusterissuers"]
-    verbs: ["get", "list", "watch"]
-
-{{- end }}
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-view
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    {{- if .Values.global.rbac.aggregateClusterRoles }}
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
-    {{- end }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests", "issuers"]
-    verbs: ["get", "list", "watch"]
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges", "orders"]
-    verbs: ["get", "list", "watch"]
-
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-edit
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    {{- if .Values.global.rbac.aggregateClusterRoles }}
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-    {{- end }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates", "certificaterequests", "issuers"]
-    verbs: ["create", "delete", "deletecollection", "patch", "update"]
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificates/status"]
-    verbs: ["update"]
-  - apiGroups: ["acme.cert-manager.io"]
-    resources: ["challenges", "orders"]
-    verbs: ["create", "delete", "deletecollection", "patch", "update"]
-
----
-
-{{- if not .Values.disableAutoApproval -}}
-
-# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cert-manager"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["signers"]
-    verbs: ["approve"]
-    {{- with .Values.approveSignerNames }}
-    resourceNames:
-    {{- range . }}
-    - {{ . | quote }}
-    {{- end  }}
-    {{- end }}
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cert-manager"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-approve:cert-manager-io
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-
----
-
-{{- end -}}
-
-# Permission to:
-# - Update and sign CertificateSigningRequests referencing cert-manager.io Issuers and ClusterIssuers
-# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cert-manager"
-    {{- include "labels" . | nindent 4 }}
-rules:
-  - apiGroups: ["certificates.k8s.io"]
-    resources: ["certificatesigningrequests"]
-    verbs: ["get", "list", "watch", "update"]
-  - apiGroups: ["certificates.k8s.io"]
-    resources: ["certificatesigningrequests/status"]
-    verbs: ["update", "patch"]
-  - apiGroups: ["certificates.k8s.io"]
-    resources: ["signers"]
-    resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
-    verbs: ["sign"]
-  - apiGroups: ["authorization.k8s.io"]
-    resources: ["subjectaccessreviews"]
-    verbs: ["create"]
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "cert-manager"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "cert-manager.fullname" . }}-controller-certificatesigningrequests
-subjects:
-  - name: {{ template "cert-manager.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-    kind: ServiceAccount
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/service.yaml

@@ -1,37 +0,0 @@
-{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "cert-manager.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- with .Values.serviceAnnotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.serviceLabels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  type: ClusterIP
-  {{- if .Values.serviceIPFamilyPolicy }}
-  ipFamilyPolicy: {{ .Values.serviceIPFamilyPolicy }}
-  {{- end }}
-  {{- if .Values.serviceIPFamilies }}
-  ipFamilies: {{ .Values.serviceIPFamilies | toYaml | nindent 2 }}
-  {{- end }}
-  ports:
-  - protocol: TCP
-    port: 9402
-    name: tcp-prometheus-servicemonitor
-    targetPort: {{ .Values.prometheus.servicemonitor.targetPort }}
-  selector:
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/serviceaccount.yaml

@@ -1,27 +0,0 @@
-{{- if .Values.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-{{- with .Values.global.imagePullSecrets }}
-imagePullSecrets:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ template "cert-manager.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- range $k, $v := . }}
-      {{- printf "%s: %s" (tpl $k $) (tpl $v $) | nindent 4 }}
-    {{- end }} 
-  {{- end }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.serviceAccount.labels }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/servicemonitor.yaml

@@ -1,63 +0,0 @@
-{{- if and .Values.prometheus.enabled (and .Values.prometheus.podmonitor.enabled .Values.prometheus.servicemonitor.enabled) }}
-{{- fail "Either .Values.prometheus.podmonitor.enabled or .Values.prometheus.servicemonitor.enabled can be enabled at a time, but not both." }}
-{{- else if and .Values.prometheus.enabled .Values.prometheus.servicemonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ template "cert-manager.fullname" . }}
-{{- if .Values.prometheus.servicemonitor.namespace }}
-  namespace: {{ .Values.prometheus.servicemonitor.namespace }}
-{{- else }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-  labels:
-    app: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/name: {{ include "cert-manager.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "controller"
-    {{- include "labels" . | nindent 4 }}
-    prometheus: {{ .Values.prometheus.servicemonitor.prometheusInstance }}
-    {{- with .Values.prometheus.servicemonitor.labels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- if .Values.prometheus.servicemonitor.annotations }}
-  annotations:
-    {{- with .Values.prometheus.servicemonitor.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}
-spec:
-  jobLabel: {{ template "cert-manager.fullname" . }}
-  selector:
-    matchExpressions:
-      - key: app.kubernetes.io/name
-        operator: In
-        values:
-        - {{ include "cainjector.name" . }}
-        - {{ template "cert-manager.name" . }}
-        - {{ include "webhook.name" . }}
-      - key: app.kubernetes.io/instance
-        operator: In
-        values:
-        - {{ .Release.Name }}
-      - key: app.kubernetes.io/component
-        operator: In
-        values:
-        - cainjector
-        - controller
-        - webhook
-{{- if .Values.prometheus.servicemonitor.namespace }}
-  namespaceSelector:
-    matchNames:
-      - {{ include "cert-manager.namespace" . }}
-{{- end }}
-  endpoints:
-  - targetPort: {{ .Values.prometheus.servicemonitor.targetPort }}
-    path: {{ .Values.prometheus.servicemonitor.path }}
-    interval: {{ .Values.prometheus.servicemonitor.interval }}
-    scrapeTimeout: {{ .Values.prometheus.servicemonitor.scrapeTimeout }}
-    honorLabels: {{ .Values.prometheus.servicemonitor.honorLabels }}
-    {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-job.yaml

@@ -1,95 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "startupapicheck.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.startupapicheck.jobAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  backoffLimit: {{ .Values.startupapicheck.backoffLimit }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "startupapicheck.name" . }}
-        app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: "startupapicheck"
-        {{- include "labels" . | nindent 8 }}
-        {{- with .Values.startupapicheck.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.startupapicheck.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    spec:
-      restartPolicy: OnFailure
-      serviceAccountName: {{ template "startupapicheck.serviceAccountName" . }}
-      {{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }}
-      automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }}
-      {{- end }}
-      enableServiceLinks: {{ .Values.startupapicheck.enableServiceLinks }}
-      {{- with .Values.global.priorityClassName }}
-      priorityClassName: {{ . | quote }}
-      {{- end }}
-      {{- with .Values.startupapicheck.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}-startupapicheck
-          image: "{{ template "image" (tuple .Values.startupapicheck.image $.Chart.AppVersion) }}"
-          imagePullPolicy: {{ .Values.startupapicheck.image.pullPolicy }}
-          args:
-          - check
-          - api
-          - --wait={{ .Values.startupapicheck.timeout }}
-          {{- with .Values.startupapicheck.extraArgs }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.startupapicheck.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          env:
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          {{- with .Values.startupapicheck.extraEnv }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.startupapicheck.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.startupapicheck.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.startupapicheck.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.startupapicheck.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.startupapicheck.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.startupapicheck.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-psp-clusterrole.yaml

@@ -1,24 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "startupapicheck.fullname" . }}-psp
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.startupapicheck.rbac.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-rules:
-- apiGroups: ['policy']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "startupapicheck.fullname" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml

@@ -1,26 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "startupapicheck.fullname" . }}-psp
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.startupapicheck.rbac.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "startupapicheck.fullname" . }}-psp
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "startupapicheck.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-psp.yaml

@@ -1,51 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "startupapicheck.fullname" . }}
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
-    {{- if .Values.global.podSecurityPolicy.useAppArmor }}
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    {{- end }}
-    {{- with .Values.startupapicheck.rbac.annotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []  # default set of capabilities are implicitly allowed
-  volumes:
-  - 'projected'
-  - 'secret'
-  hostNetwork: false
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-rbac.yaml

@@ -1,48 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-{{- if .Values.global.rbac.create }}
-# create certificate role
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "startupapicheck.fullname" . }}:create-cert
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.startupapicheck.rbac.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-rules:
-  - apiGroups: ["cert-manager.io"]
-    resources: ["certificaterequests"]
-    verbs: ["create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ include "startupapicheck.fullname" . }}:create-cert
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.startupapicheck.rbac.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "startupapicheck.fullname" . }}:create-cert
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "startupapicheck.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/startupapicheck-serviceaccount.yaml

@@ -1,27 +0,0 @@
-{{- if .Values.startupapicheck.enabled }}
-{{- if .Values.startupapicheck.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.startupapicheck.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ template "startupapicheck.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  {{- with .Values.startupapicheck.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  labels:
-    app: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "startupapicheck"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.startupapicheck.serviceAccount.labels }}
-      {{ toYaml . | nindent 4 }}
-    {{- end }}
-{{- with .Values.global.imagePullSecrets }}
-imagePullSecrets:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-config.yaml

@@ -1,19 +0,0 @@
-{{- if .Values.webhook.config -}}
-{{- $config := .Values.webhook.config -}}
-{{- $_ := set $config "apiVersion" (default "webhook.config.cert-manager.io/v1alpha1" $config.apiVersion) -}}
-{{- $_ := set $config "kind" (default "WebhookConfiguration" $config.kind) -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "webhook.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-data:
-  config.yaml: |
-    {{- $config | toYaml | nindent 4 }}
-{{- end -}}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-deployment.yaml

@@ -1,217 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "webhook.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-  {{- with .Values.webhook.deploymentAnnotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  replicas: {{ .Values.webhook.replicaCount }}
-  {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-  {{- if not (has (quote .Values.global.revisionHistoryLimit) (list "" (quote ""))) }}
-  revisionHistoryLimit: {{ .Values.global.revisionHistoryLimit }}
-  {{- end }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "webhook.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "webhook"
-  {{- with .Values.webhook.strategy }}
-  strategy:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  template:
-    metadata:
-      labels:
-        app: {{ include "webhook.name" . }}
-        app.kubernetes.io/name: {{ include "webhook.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
-        app.kubernetes.io/component: "webhook"
-        {{- include "labels" . | nindent 8 }}
-        {{- with .Values.webhook.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- with .Values.webhook.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if and .Values.prometheus.enabled (not (or .Values.prometheus.servicemonitor.enabled .Values.prometheus.podmonitor.enabled)) }}
-      {{- if not .Values.webhook.podAnnotations }}
-      annotations:
-      {{- end }}
-        prometheus.io/path: "/metrics"
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
-      {{- end }}
-    spec:
-      {{- if not .Values.webhook.serviceAccount.create }}
-      {{- with .Values.global.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- end }}
-      serviceAccountName: {{ template "webhook.serviceAccountName" . }}
-      {{- if hasKey .Values.webhook "automountServiceAccountToken" }}
-      automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }}
-      {{- end }}
-      enableServiceLinks: {{ .Values.webhook.enableServiceLinks }}
-      {{- with .Values.global.priorityClassName }}
-      priorityClassName: {{ . | quote }}
-      {{- end }}
-      {{- with .Values.webhook.securityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if .Values.webhook.hostNetwork }}
-      hostNetwork: true
-      {{- end }}
-      {{- if .Values.webhook.hostNetwork }}
-      dnsPolicy: ClusterFirstWithHostNet
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}-webhook
-          image: "{{ template "image" (tuple .Values.webhook.image $.Chart.AppVersion) }}"
-          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
-          args:
-          {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}}
-          {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }}
-          - --v={{ .Values.global.logLevel }}
-          {{- end }}
-          {{- if .Values.webhook.config }}
-          - --config=/var/cert-manager/config/config.yaml
-          {{- end }}
-          {{- $config := default .Values.webhook.config "" }}
-          {{ if not $config.securePort -}}
-          - --secure-port={{ .Values.webhook.securePort }}
-          {{- end }}
-          {{- if .Values.webhook.featureGates }}
-          - --feature-gates={{ .Values.webhook.featureGates }}
-          {{- end }}
-          {{- $tlsConfig := default $config.tlsConfig "" }}
-          {{ if or (not $config.tlsConfig) (and (not $tlsConfig.dynamic) (not $tlsConfig.filesystem) ) -}}
-          - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
-          - --dynamic-serving-ca-secret-name={{ template "webhook.fullname" . }}-ca
-          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}
-          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}.$(POD_NAMESPACE)
-          - --dynamic-serving-dns-names={{ template "webhook.fullname" . }}.$(POD_NAMESPACE).svc
-          {{ if .Values.webhook.url.host }}
-          - --dynamic-serving-dns-names={{ .Values.webhook.url.host }}
-          {{- end }}
-          {{- end }}
-          {{- with .Values.webhook.extraArgs }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- if not .Values.prometheus.enabled }}
-          - --metrics-listen-address=0
-          {{- end }}
-          ports:
-          - name: https
-            protocol: TCP
-            {{- if $config.securePort }}
-            containerPort: {{ $config.securePort }}
-            {{- else if .Values.webhook.securePort }}
-            containerPort: {{ .Values.webhook.securePort }}
-            {{- else }}
-            containerPort: 6443
-            {{- end }}
-          - name: healthcheck
-            protocol: TCP
-            {{- if $config.healthzPort }}
-            containerPort: {{ $config.healthzPort }}
-            {{- else }}
-            containerPort: 6080
-            {{- end }}
-          {{- if .Values.prometheus.enabled }}
-          - containerPort: 9402
-            name: http-metrics
-            protocol: TCP
-          {{- end }}
-          livenessProbe:
-            httpGet:
-              path: /livez
-              {{- if $config.healthzPort }}
-              port: {{ $config.healthzPort }}
-              {{- else }}
-              port: 6080
-              {{- end }}
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.webhook.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.webhook.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.webhook.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.webhook.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.webhook.livenessProbe.failureThreshold }}
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              {{- if $config.healthzPort }}
-              port: {{ $config.healthzPort }}
-              {{- else }}
-              port: 6080
-              {{- end }}
-              scheme: HTTP
-            initialDelaySeconds: {{ .Values.webhook.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.webhook.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ .Values.webhook.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.webhook.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.webhook.readinessProbe.failureThreshold }}
-          {{- with .Values.webhook.containerSecurityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          env:
-          - name: POD_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          {{- with .Values.webhook.extraEnv }}
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-          {{- with .Values.webhook.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- if or .Values.webhook.config .Values.webhook.volumeMounts }}
-          volumeMounts:
-            {{- if .Values.webhook.config }}
-            - name: config
-              mountPath: /var/cert-manager/config
-            {{- end }}
-            {{- with .Values.webhook.volumeMounts }}
-            {{- toYaml . | nindent 12 }}
-            {{- end }}
-          {{- end }}
-      {{- with .Values.webhook.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.webhook.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.webhook.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with  .Values.webhook.topologySpreadConstraints }}
-      topologySpreadConstraints:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- if or .Values.webhook.config .Values.webhook.volumes }}
-      volumes:
-        {{- if .Values.webhook.config }}
-        - name: config
-          configMap:
-            name: {{ include "webhook.fullname" . }}
-        {{- end }}
-        {{- with .Values.webhook.volumes }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-      {{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-mutating-webhook.yaml

@@ -1,48 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
-  name: {{ include "webhook.fullname" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote }}
-    {{- with .Values.webhook.mutatingWebhookConfigurationAnnotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-webhooks:
-  - name: webhook.cert-manager.io
-    {{- with .Values.webhook.mutatingWebhookConfiguration.namespaceSelector }}
-    namespaceSelector:
-      {{- toYaml . | nindent 6 }}
-    {{- end }}
-    rules:
-      - apiGroups:
-          - "cert-manager.io"
-        apiVersions:
-          - "v1"
-        operations:
-          - CREATE
-        resources:
-          - "certificaterequests"
-    admissionReviewVersions: ["v1"]
-    # This webhook only accepts v1 cert-manager resources.
-    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
-    # this webhook (after the resources have been converted to v1).
-    matchPolicy: Equivalent
-    timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
-    failurePolicy: Fail
-    # Only include 'sideEffects' field in Kubernetes 1.12+
-    sideEffects: None
-    clientConfig:
-      {{- if .Values.webhook.url.host }}
-      url: https://{{ .Values.webhook.url.host }}/mutate
-      {{- else }}
-      service:
-        name: {{ template "webhook.fullname" . }}
-        namespace: {{ include "cert-manager.namespace" . }}
-        path: /mutate
-      {{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-poddisruptionbudget.yaml

@@ -1,29 +0,0 @@
-{{- if .Values.webhook.podDisruptionBudget.enabled }}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name: {{ include "webhook.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: {{ include "webhook.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
-      app.kubernetes.io/component: "webhook"
-
-  {{- if not (or (hasKey .Values.webhook.podDisruptionBudget "minAvailable") (hasKey .Values.webhook.podDisruptionBudget "maxUnavailable")) }}
-  minAvailable: 1 # Default value because minAvailable and maxUnavailable are not set
-  {{- end }}
-  {{- if hasKey .Values.webhook.podDisruptionBudget "minAvailable" }}
-  minAvailable: {{ .Values.webhook.podDisruptionBudget.minAvailable }}
-  {{- end }}
-  {{- if hasKey .Values.webhook.podDisruptionBudget "maxUnavailable" }}
-  maxUnavailable: {{ .Values.webhook.podDisruptionBudget.maxUnavailable }}
-  {{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-psp-clusterrole.yaml

@@ -1,18 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ template "webhook.fullname" . }}-psp
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-rules:
-- apiGroups: ['policy']
-  resources: ['podsecuritypolicies']
-  verbs:     ['use']
-  resourceNames:
-  - {{ template "webhook.fullname" . }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-psp-clusterrolebinding.yaml

@@ -1,20 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "webhook.fullname" . }}-psp
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "webhook.fullname" . }}-psp
-subjects:
-  - kind: ServiceAccount
-    name: {{ template "webhook.serviceAccountName" . }}
-    namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-psp.yaml

@@ -1,54 +0,0 @@
-{{- if .Values.global.podSecurityPolicy.enabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ template "webhook.fullname" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
-    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
-    {{- if .Values.global.podSecurityPolicy.useAppArmor }}
-    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
-    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
-    {{- end }}
-spec:
-  privileged: false
-  allowPrivilegeEscalation: false
-  allowedCapabilities: []  # default set of capabilities are implicitly allowed
-  volumes:
-  - 'configMap'
-  - 'emptyDir'
-  - 'projected'
-  - 'secret'
-  - 'downwardAPI'
-  hostNetwork: {{ .Values.webhook.hostNetwork }}
-  {{- if .Values.webhook.hostNetwork }}
-  hostPorts:
-  - max: {{ .Values.webhook.securePort }}
-    min: {{ .Values.webhook.securePort }}
-  {{- end }}
-  hostIPC: false
-  hostPID: false
-  runAsUser:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  seLinux:
-    rule: 'RunAsAny'
-  supplementalGroups:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-  fsGroup:
-    rule: 'MustRunAs'
-    ranges:
-    - min: 1000
-      max: 1000
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-rbac.yaml

@@ -1,90 +0,0 @@
-{{- if .Values.global.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: {{ template "webhook.fullname" . }}:dynamic-serving
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-rules:
-- apiGroups: [""]
-  resources: ["secrets"]
-  resourceNames:
-  - '{{ template "webhook.fullname" . }}-ca'
-  {{- $certmanagerNamespace := include "cert-manager.namespace" . }}
-  {{- with (.Values.webhook.config.metricsTLSConfig).dynamic }}
-  {{- if $certmanagerNamespace | eq .secretNamespace }}
-  # Allow webhook to read and update the metrics CA Secret when dynamic TLS is
-  # enabled for the metrics server and if the Secret is configured to be in the
-  # same namespace as cert-manager.
-  - {{ .secretName | quote }}
-  {{- end }}
-  {{- end }}
-  verbs: ["get", "list", "watch", "update"]
-# It's not possible to grant CREATE permission on a single resourceName.
-- apiGroups: [""]
-  resources: ["secrets"]
-  verbs: ["create"]
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: {{ template "webhook.fullname" . }}:dynamic-serving
-  namespace: {{ include "cert-manager.namespace" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: {{ template "webhook.fullname" . }}:dynamic-serving
-subjects:
-- kind: ServiceAccount
-  name: {{ template "webhook.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ template "webhook.fullname" . }}:subjectaccessreviews
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-rules:
-- apiGroups: ["authorization.k8s.io"]
-  resources: ["subjectaccessreviews"]
-  verbs: ["create"]
----
-
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "webhook.fullname" . }}:subjectaccessreviews
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "webhook.fullname" . }}:subjectaccessreviews
-subjects:
-- kind: ServiceAccount
-  name: {{ template "webhook.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-service.yaml

@@ -1,44 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "webhook.fullname" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-{{- with .Values.webhook.serviceAnnotations }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.webhook.serviceLabels }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-spec:
-  type: {{ .Values.webhook.serviceType }}
-  {{- if .Values.webhook.serviceIPFamilyPolicy }}
-  ipFamilyPolicy: {{ .Values.webhook.serviceIPFamilyPolicy }}
-  {{- end }}
-  {{- if .Values.webhook.serviceIPFamilies }}
-  ipFamilies: {{ .Values.webhook.serviceIPFamilies | toYaml | nindent 2 }}
-  {{- end }}
-  {{- with .Values.webhook.loadBalancerIP }}
-  loadBalancerIP: {{ . }}
-  {{- end }}
-  ports:
-  - name: https
-    port: 443
-    protocol: TCP
-    targetPort: "https"
-{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }}
-  - name: metrics
-    port: 9402
-    protocol: TCP
-    targetPort: "http-metrics"
-{{- end }}
-  selector:
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-serviceaccount.yaml

@@ -1,25 +0,0 @@
-{{- if .Values.webhook.serviceAccount.create }}
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: {{ .Values.webhook.serviceAccount.automountServiceAccountToken }}
-metadata:
-  name: {{ template "webhook.serviceAccountName" . }}
-  namespace: {{ include "cert-manager.namespace" . }}
-  {{- with .Values.webhook.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-    {{- with .Values.webhook.serviceAccount.labels }}
-      {{ toYaml . | nindent 4 }}
-    {{- end }}
-{{- with .Values.global.imagePullSecrets }}
-imagePullSecrets:
-  {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}

certmanager/src/charts/cert-manager-1.17.0/cert-manager/templates/webhook-validating-webhook.yaml

@@ -1,49 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: {{ include "webhook.fullname" . }}
-  labels:
-    app: {{ include "webhook.name" . }}
-    app.kubernetes.io/name: {{ include "webhook.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/component: "webhook"
-    {{- include "labels" . | nindent 4 }}
-  annotations:
-    cert-manager.io/inject-ca-from-secret: {{ printf "%s/%s-ca" (include "cert-manager.namespace" .) (include "webhook.fullname" .) | quote}}
-    {{- with .Values.webhook.validatingWebhookConfigurationAnnotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-webhooks:
-  - name: webhook.cert-manager.io
-    {{- with .Values.webhook.validatingWebhookConfiguration.namespaceSelector }}
-    namespaceSelector:
-      {{- toYaml . | nindent 6 }}
-    {{- end }}
-    rules:
-      - apiGroups:
-          - "cert-manager.io"
-          - "acme.cert-manager.io"
-        apiVersions:
-          - "v1"
-        operations:
-          - CREATE
-          - UPDATE
-        resources:
-          - "*/*"
-    admissionReviewVersions: ["v1"]
-    # This webhook only accepts v1 cert-manager resources.
-    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
-    # this webhook (after the resources have been converted to v1).
-    matchPolicy: Equivalent
-    timeoutSeconds: {{ .Values.webhook.timeoutSeconds }}
-    failurePolicy: Fail
-    sideEffects: None
-    clientConfig:
-      {{- if .Values.webhook.url.host }}
-      url: https://{{ .Values.webhook.url.host }}/validate
-      {{- else }}
-      service:
-        name: {{ template "webhook.fullname" . }}
-        namespace: {{ include "cert-manager.namespace" . }}
-        path: /validate
-      {{- end }}

certmanager/src/kustomization.yaml

@@ -1,10 +0,0 @@
-# argocd/kustomization.yaml
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-helmCharts:
-  - name: cert-manager
-    repo: https://charts.jetstack.io
-    version: 1.17.0
-    releaseName: cert-manager
-    valuesFile: values.yaml

certmanager/src/values.yaml

@@ -1,9 +0,0 @@
-crds:
-  enabled: true
-
-extraArgs:
-  - --enable-gateway-api
-
-global:
-  leaderElection:
-    namespace: cert-manager