diff --git a/certmanager/main.yaml b/certmanager/main.yaml index b2bcd0d..ae941ae 100644 --- a/certmanager/main.yaml +++ b/certmanager/main.yaml @@ -12760,7 +12760,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: v1 automountServiceAccountToken: true @@ -12775,7 +12775,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-cainjector - namespace: cert-manager + namespace: default --- apiVersion: v1 automountServiceAccountToken: true @@ -12794,7 +12794,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-startupapicheck - namespace: cert-manager + namespace: default --- apiVersion: v1 automountServiceAccountToken: true 
@@ -12809,87 +12809,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-webhook - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - annotations: - helm.sh/hook: post-install - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - helm.sh/hook-weight: "-5" - labels: - app: startupapicheck - app.kubernetes.io/component: startupapicheck - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.17.0 - helm.sh/chart: cert-manager-v1.17.0 - name: cert-manager-startupapicheck:create-cert - namespace: cert-manager -rules: -- apiGroups: - - cert-manager.io - resources: - - certificaterequests - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.17.0 - helm.sh/chart: cert-manager-v1.17.0 - name: cert-manager-tokenrequest - namespace: cert-manager -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager - resources: - - serviceaccounts/token - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: webhook - app.kubernetes.io/component: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.17.0 - helm.sh/chart: cert-manager-v1.17.0 - name: cert-manager-webhook:dynamic-serving - namespace: cert-manager -rules: -- apiGroups: - - "" - resourceNames: - - cert-manager-webhook-ca - resources: - - secrets - verbs: - - get - - list - - watch - - update -- apiGroups: - - "" - resources: - - secrets - verbs: - - create + namespace: default --- apiVersion: 
rbac.authorization.k8s.io/v1 kind: Role @@ -12903,7 +12823,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-cainjector:leaderelection - namespace: kube-system + namespace: cert-manager rules: - apiGroups: - coordination.k8s.io @@ -12935,7 +12855,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager:leaderelection - namespace: kube-system + namespace: cert-manager rules: - apiGroups: - coordination.k8s.io 
@@ -12955,6 +12875,86 @@ rules: - create --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + annotations: + helm.sh/hook: post-install + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + helm.sh/hook-weight: "-5" + labels: + app: startupapicheck + app.kubernetes.io/component: startupapicheck + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: startupapicheck + app.kubernetes.io/version: v1.17.0 + helm.sh/chart: cert-manager-v1.17.0 + name: cert-manager-startupapicheck:create-cert + namespace: default +rules: +- apiGroups: + - cert-manager.io + resources: + - certificaterequests + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.17.0 + helm.sh/chart: cert-manager-v1.17.0 + name: cert-manager-tokenrequest + namespace: default +rules: +- apiGroups: + - "" + resourceNames: + - cert-manager + resources: + - serviceaccounts/token + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: webhook + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: webhook + app.kubernetes.io/version: v1.17.0 + helm.sh/chart: cert-manager-v1.17.0 + name: cert-manager-webhook:dynamic-serving + namespace: default +rules: +- apiGroups: + - "" + resourceNames: + - cert-manager-webhook-ca + resources: + - secrets + verbs: + - get + - list + - watch + - update +- apiGroups: + - "" + resources: + - secrets + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: 
@@ -13632,6 +13632,50 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding +metadata: + labels: + app: cainjector + app.kubernetes.io/component: cainjector + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cainjector + app.kubernetes.io/version: v1.17.0 + helm.sh/chart: cert-manager-v1.17.0 + name: cert-manager-cainjector:leaderelection + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager-cainjector:leaderelection +subjects: +- kind: ServiceAccount + name: cert-manager-cainjector + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: cert-manager + app.kubernetes.io/component: controller + app.kubernetes.io/instance: cert-manager + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: cert-manager + app.kubernetes.io/version: v1.17.0 + helm.sh/chart: cert-manager-v1.17.0 + name: cert-manager:leaderelection + namespace: cert-manager +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cert-manager:leaderelection +subjects: +- kind: ServiceAccount + name: cert-manager + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: labels: app: cert-manager @@ -13642,7 +13686,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-cert-manager-tokenrequest - namespace: cert-manager + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -13650,7 +13694,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding 
@@ -13668,7 +13712,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-startupapicheck:create-cert - namespace: cert-manager + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -13676,7 +13720,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager-startupapicheck - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -13690,7 +13734,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-webhook:dynamic-serving - namespace: cert-manager + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
@@ -13698,51 +13742,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager-webhook - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: cainjector - app.kubernetes.io/component: cainjector - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.17.0 - helm.sh/chart: cert-manager-v1.17.0 - name: cert-manager-cainjector:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager-cainjector:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager-cainjector - namespace: cert-manager ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: cert-manager - app.kubernetes.io/component: controller - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.17.0 - helm.sh/chart: cert-manager-v1.17.0 - name: cert-manager:leaderelection - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cert-manager:leaderelection -subjects: -- kind: ServiceAccount - name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13763,7 +13763,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager-cainjector - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13784,7 +13784,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
@@ -13805,7 +13805,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13826,7 +13826,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13847,7 +13847,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13868,7 +13868,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13889,7 +13889,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13910,7 +13910,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13931,7 +13931,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -13952,7 +13952,7 @@ roleRef: subjects: - kind: ServiceAccount name: cert-manager-webhook - namespace: cert-manager + namespace: default --- apiVersion: v1 kind: Service @@ -13966,7 +13966,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager - namespace: cert-manager + namespace: default spec: ports: - name: tcp-prometheus-servicemonitor 
@@ -13991,7 +13991,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-cainjector - namespace: cert-manager + namespace: default spec: ports: - name: http-metrics @@ -14015,7 +14015,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-webhook - namespace: cert-manager + namespace: default spec: ports: - name: https @@ -14044,7 +14044,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager - namespace: cert-manager + namespace: default spec: replicas: 1 selector: @@ -14071,7 +14071,7 @@ spec: - args: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=kube-system + - --leader-election-namespace=cert-manager - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.17.0 - --enable-gateway-api - --max-concurrent-challenges=60 @@ -14127,7 +14127,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-cainjector - namespace: cert-manager + namespace: default spec: replicas: 1 selector: @@ -14153,7 +14153,7 @@ spec: containers: - args: - --v=2 - - --leader-election-namespace=kube-system + - --leader-election-namespace=cert-manager env: - name: POD_NAMESPACE valueFrom: @@ -14193,7 +14193,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-webhook - namespace: cert-manager + namespace: default spec: replicas: 1 selector: @@ -14294,7 +14294,7 @@ metadata: app.kubernetes.io/version: v1.17.0 helm.sh/chart: cert-manager-v1.17.0 name: cert-manager-startupapicheck - namespace: cert-manager + namespace: default spec: backoffLimit: 4 template: 
@@ -14342,7 +14342,7 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca + cert-manager.io/inject-ca-from-secret: default/cert-manager-webhook-ca labels: app: webhook app.kubernetes.io/component: webhook @@ -14358,7 +14358,7 @@ webhooks: clientConfig: service: name: cert-manager-webhook - namespace: cert-manager + namespace: default path: /mutate failurePolicy: Fail matchPolicy: Equivalent @@ -14379,7 +14379,7 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: - cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca + cert-manager.io/inject-ca-from-secret: default/cert-manager-webhook-ca labels: app: webhook app.kubernetes.io/component: webhook @@ -14395,7 +14395,7 @@ webhooks: clientConfig: service: name: cert-manager-webhook - namespace: cert-manager + namespace: default path: /validate failurePolicy: Fail matchPolicy: Equivalent diff --git a/certmanager/src/kustomization.yaml b/certmanager/src/kustomization.yaml index 57d7560..c7525d8 100644 --- a/certmanager/src/kustomization.yaml +++ b/certmanager/src/kustomization.yaml @@ -7,5 +7,4 @@ helmCharts: repo: https://charts.jetstack.io version: 1.17.0 releaseName: cert-manager - namespace: cert-manager valuesFile: values.yaml diff --git a/certmanager/src/values.yaml b/certmanager/src/values.yaml index c7a41c5..aef70b8 100644 --- a/certmanager/src/values.yaml +++ b/certmanager/src/values.yaml @@ -3,3 +3,7 @@ crds: extraArgs: - --enable-gateway-api + +global: + leaderElection: + namespace: cert-manager \ No newline at end of file
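Review bot: Dropping `namespace: cert-manager` from the `helmCharts` entry in certmanager/src/kustomization.yaml leaves the chart without a release namespace, and the regenerated certmanager/main.yaml shows every ServiceAccount, Role, Service, Deployment, the startupapicheck Job and both webhook `clientConfig` blocks landing in `default`. That moves the webhook CA secret (`default/cert-manager-webhook-ca`) and the `cert-manager-webhook:dynamic-serving` Role, which has an unscoped `create` on secrets, into a namespace that is commonly shared with unrelated workloads. Because the controller runs with `--cluster-resource-namespace=$(POD_NAMESPACE)`, ClusterIssuer key material would presumably be stored in `default` as well. If the namespace is meant to be applied elsewhere (for example by a kustomize `namespace:` transformer in an overlay), note that in the commit description; otherwise keep `namespace: cert-manager` on this chart entry.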
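Review bot: `global.leaderElection.namespace: cert-manager` in certmanager/src/values.yaml points leader election at a namespace that nothing in this diff creates, while the rendered RoleBinding subjects are ServiceAccounts in `default`. Moving the leases out of `kube-system` is a reasonable least-privilege step, but if the `cert-manager` Namespace does not already exist, applying the two `:leaderelection` Roles and RoleBindings will fail. The controller and cainjector (`--leader-election-namespace=cert-manager`) would then be unable to acquire their lease. Either add a Namespace manifest to the kustomization's resources, or set this value to the namespace the release is actually installed into. The file also now ends without a trailing newline.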