certmanager netcup update

2025-11-07 00:19:07 +01:00
parent 3328dddff7
commit a1299094b6
4 changed files with 88 additions and 36 deletions
--- a/certmanager-netcup/main.yaml
+++ b/certmanager-netcup/main.yaml
@@ -3,10 +3,11 @@ kind: ServiceAccount
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
+  namespace: cert-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -27,7 +28,7 @@ kind: ClusterRole
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:domain-solver
@@ -44,7 +45,7 @@ kind: ClusterRole
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:flowcontrol
@@ -75,11 +76,30 @@ subjects:
  namespace: cert-manager
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: cert-manager-webhook-netcup
+    chart: cert-manager-webhook-netcup-1.0.34
+    heritage: Helm
+    release: cert-manager-webhook-netcup
+  name: cert-manager-webhook-netcup:webhook-authentication-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: cert-manager-webhook-netcup
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:auth-delegator
@@ -98,7 +118,7 @@ kind: ClusterRoleBinding
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:domain-solver
@@ -117,7 +137,7 @@ kind: ClusterRoleBinding
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup:flowcontrol
@@ -136,10 +156,11 @@ kind: Service
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
+  namespace: cert-manager
 spec:
  ports:
  - name: https
@@ -156,12 +177,13 @@ kind: Deployment
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup
+  namespace: cert-manager
 spec:
-  replicas: 1
+  replicas: null
  selector:
    matchLabels:
      app: cert-manager-webhook-netcup
@@ -179,7 +201,7 @@ spec:
        env:
        - name: GROUP_NAME
          value: com.netcup.webhook
-        image: ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.29
+        image: ghcr.io/aellwein/cert-manager-webhook-netcup:1.0.34
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
@@ -214,7 +236,7 @@ metadata:
    cert-manager.io/inject-ca-from: cert-manager/cert-manager-webhook-netcup-webhook-tls
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: v1alpha1.com.netcup.webhook
@@ -232,7 +254,7 @@ kind: Certificate
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-ca
@@ -250,7 +272,7 @@ kind: Certificate
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-webhook-tls
@@ -270,7 +292,7 @@ kind: Issuer
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-ca
@@ -284,7 +306,7 @@ kind: Issuer
 metadata:
  labels:
    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
+    chart: cert-manager-webhook-netcup-1.0.34
    heritage: Helm
    release: cert-manager-webhook-netcup
  name: cert-manager-webhook-netcup-selfsign
--- a/certmanager-netcup/rb.yaml
+++ b/certmanager-netcup/rb.yaml
@@ -1,20 +0,0 @@
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: cert-manager-webhook-netcup
-    chart: cert-manager-webhook-netcup-1.0.29
-    heritage: Helm
-    release: cert-manager-webhook-netcup
-  name: cert-manager-webhook-netcup:webhook-authentication-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
- apiGroup: ""
-  kind: ServiceAccount
-  name: cert-manager-webhook-netcup
-  namespace: cert-manager
--- a/certmanager-netcup/src/kustomization.yaml
+++ b/certmanager-netcup/src/kustomization.yaml
@@ -5,6 +5,7 @@ kind: Kustomization
 helmCharts:
  - name: cert-manager-webhook-netcup
    repo: https://aellwein.github.io/cert-manager-webhook-netcup/charts/
-    version: 1.0.29
+    version: 1.0.34
    releaseName: cert-manager-webhook-netcup
    namespace: cert-manager
+    valuesFile: values.yaml
--- a/certmanager-netcup/src/values.yaml
+++ b/certmanager-netcup/src/values.yaml
@@ -0,0 +1,49 @@
+# The GroupName here is used to identify your company or business unit that
+# created this webhook.
+# For example, this may be "acme.mycompany.com".
+# This name will need to be referenced in each Issuer's `webhook` stanza to
+# inform cert-manager of where to send ChallengePayload resources in order to
+# solve the DNS01 challenge.
+# This group name should be **unique**, hence using your own company's domain
+# here is recommended.
+
+groupName: com.netcup.webhook
+
+certManager:
+  namespace: cert-manager
+  serviceAccountName: cert-manager
+
+image:
+  repository: ghcr.io/aellwein/cert-manager-webhook-netcup
+  # set version here for upcoming release
+  tag: 1.0.34
+  # sha hash can be used to specify image version, instead of tag
+  hash: ""
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+  type: ClusterIP
+  port: 443
+
+resources:
+  {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+