namespace #3

2025-03-21 00:55:26 +01:00
parent e08b80055d
commit e073cdda7e
3 changed files with 163 additions and 160 deletions
--- a/certmanager/main.yaml
+++ b/certmanager/main.yaml
@@ -12760,7 +12760,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: v1
 automountServiceAccountToken: true
@@ -12775,7 +12775,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-cainjector
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: v1
 automountServiceAccountToken: true
@@ -12794,7 +12794,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-startupapicheck
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: v1
 automountServiceAccountToken: true
@@ -12809,87 +12809,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-webhook
-  namespace: cert-manager
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  annotations:
-    helm.sh/hook: post-install
-    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
-    helm.sh/hook-weight: "-5"
-  labels:
-    app: startupapicheck
-    app.kubernetes.io/component: startupapicheck
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: startupapicheck
-    app.kubernetes.io/version: v1.17.0
-    helm.sh/chart: cert-manager-v1.17.0
-  name: cert-manager-startupapicheck:create-cert
-  namespace: cert-manager
-rules:
- apiGroups:
-  - cert-manager.io
-  resources:
-  - certificaterequests
-  verbs:
-  - create
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app: cert-manager
-    app.kubernetes.io/component: controller
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.17.0
-    helm.sh/chart: cert-manager-v1.17.0
-  name: cert-manager-tokenrequest
-  namespace: cert-manager
-rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - cert-manager
-  resources:
-  - serviceaccounts/token
-  verbs:
-  - create
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app: webhook
-    app.kubernetes.io/component: webhook
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: webhook
-    app.kubernetes.io/version: v1.17.0
-    helm.sh/chart: cert-manager-v1.17.0
-  name: cert-manager-webhook:dynamic-serving
-  namespace: cert-manager
-rules:
- apiGroups:
-  - ""
-  resourceNames:
-  - cert-manager-webhook-ca
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-  - update
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - create
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -12903,7 +12823,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-cainjector:leaderelection
-  namespace: kube-system
+  namespace: cert-manager
 rules:
 - apiGroups:
  - coordination.k8s.io
@@ -12935,7 +12855,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager:leaderelection
-  namespace: kube-system
+  namespace: cert-manager
 rules:
 - apiGroups:
  - coordination.k8s.io
@@ -12955,6 +12875,86 @@ rules:
  - create
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  annotations:
+    helm.sh/hook: post-install
+    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+    helm.sh/hook-weight: "-5"
+  labels:
+    app: startupapicheck
+    app.kubernetes.io/component: startupapicheck
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: startupapicheck
+    app.kubernetes.io/version: v1.17.0
+    helm.sh/chart: cert-manager-v1.17.0
+  name: cert-manager-startupapicheck:create-cert
+  namespace: default
+rules:
+- apiGroups:
+  - cert-manager.io
+  resources:
+  - certificaterequests
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: cert-manager
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cert-manager
+    app.kubernetes.io/version: v1.17.0
+    helm.sh/chart: cert-manager-v1.17.0
+  name: cert-manager-tokenrequest
+  namespace: default
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - cert-manager
+  resources:
+  - serviceaccounts/token
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: webhook
+    app.kubernetes.io/component: webhook
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: webhook
+    app.kubernetes.io/version: v1.17.0
+    helm.sh/chart: cert-manager-v1.17.0
+  name: cert-manager-webhook:dynamic-serving
+  namespace: default
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - cert-manager-webhook-ca
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  labels:
@@ -13632,6 +13632,50 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
+metadata:
+  labels:
+    app: cainjector
+    app.kubernetes.io/component: cainjector
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cainjector
+    app.kubernetes.io/version: v1.17.0
+    helm.sh/chart: cert-manager-v1.17.0
+  name: cert-manager-cainjector:leaderelection
+  namespace: cert-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cert-manager-cainjector:leaderelection
+subjects:
+- kind: ServiceAccount
+  name: cert-manager-cainjector
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: cert-manager
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: cert-manager
+    app.kubernetes.io/version: v1.17.0
+    helm.sh/chart: cert-manager-v1.17.0
+  name: cert-manager:leaderelection
+  namespace: cert-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cert-manager:leaderelection
+subjects:
+- kind: ServiceAccount
+  name: cert-manager
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
 metadata:
  labels:
    app: cert-manager
@@ -13642,7 +13686,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-cert-manager-tokenrequest
-  namespace: cert-manager
+  namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -13650,7 +13694,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -13668,7 +13712,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-startupapicheck:create-cert
-  namespace: cert-manager
+  namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -13676,7 +13720,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager-startupapicheck
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -13690,7 +13734,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-webhook:dynamic-serving
-  namespace: cert-manager
+  namespace: default
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -13698,51 +13742,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager-webhook
-  namespace: cert-manager
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: cainjector
-    app.kubernetes.io/component: cainjector
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: cainjector
-    app.kubernetes.io/version: v1.17.0
-    helm.sh/chart: cert-manager-v1.17.0
-  name: cert-manager-cainjector:leaderelection
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-manager-cainjector:leaderelection
-subjects:
- kind: ServiceAccount
-  name: cert-manager-cainjector
-  namespace: cert-manager
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app: cert-manager
-    app.kubernetes.io/component: controller
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/managed-by: Helm
-    app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.17.0
-    helm.sh/chart: cert-manager-v1.17.0
-  name: cert-manager:leaderelection
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-manager:leaderelection
-subjects:
- kind: ServiceAccount
-  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13763,7 +13763,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager-cainjector
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13784,7 +13784,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13805,7 +13805,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13826,7 +13826,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13847,7 +13847,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13868,7 +13868,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13889,7 +13889,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13910,7 +13910,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13931,7 +13931,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -13952,7 +13952,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: cert-manager-webhook
-  namespace: cert-manager
+  namespace: default
 ---
 apiVersion: v1
 kind: Service
@@ -13966,7 +13966,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 spec:
  ports:
  - name: tcp-prometheus-servicemonitor
@@ -13991,7 +13991,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-cainjector
-  namespace: cert-manager
+  namespace: default
 spec:
  ports:
  - name: http-metrics
@@ -14015,7 +14015,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-webhook
-  namespace: cert-manager
+  namespace: default
 spec:
  ports:
  - name: https
@@ -14044,7 +14044,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager
-  namespace: cert-manager
+  namespace: default
 spec:
  replicas: 1
  selector:
@@ -14071,7 +14071,7 @@ spec:
      - args:
        - --v=2
        - --cluster-resource-namespace=$(POD_NAMESPACE)
-        - --leader-election-namespace=kube-system
+        - --leader-election-namespace=cert-manager
        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.17.0
        - --enable-gateway-api
        - --max-concurrent-challenges=60
@@ -14127,7 +14127,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-cainjector
-  namespace: cert-manager
+  namespace: default
 spec:
  replicas: 1
  selector:
@@ -14153,7 +14153,7 @@ spec:
      containers:
      - args:
        - --v=2
-        - --leader-election-namespace=kube-system
+        - --leader-election-namespace=cert-manager
        env:
        - name: POD_NAMESPACE
          valueFrom:
@@ -14193,7 +14193,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-webhook
-  namespace: cert-manager
+  namespace: default
 spec:
  replicas: 1
  selector:
@@ -14294,7 +14294,7 @@ metadata:
    app.kubernetes.io/version: v1.17.0
    helm.sh/chart: cert-manager-v1.17.0
  name: cert-manager-startupapicheck
-  namespace: cert-manager
+  namespace: default
 spec:
  backoffLimit: 4
  template:
@@ -14342,7 +14342,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
  annotations:
-    cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
+    cert-manager.io/inject-ca-from-secret: default/cert-manager-webhook-ca
  labels:
    app: webhook
    app.kubernetes.io/component: webhook
@@ -14358,7 +14358,7 @@ webhooks:
  clientConfig:
    service:
      name: cert-manager-webhook
-      namespace: cert-manager
+      namespace: default
      path: /mutate
  failurePolicy: Fail
  matchPolicy: Equivalent
@@ -14379,7 +14379,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  annotations:
-    cert-manager.io/inject-ca-from-secret: cert-manager/cert-manager-webhook-ca
+    cert-manager.io/inject-ca-from-secret: default/cert-manager-webhook-ca
  labels:
    app: webhook
    app.kubernetes.io/component: webhook
@@ -14395,7 +14395,7 @@ webhooks:
  clientConfig:
    service:
      name: cert-manager-webhook
-      namespace: cert-manager
+      namespace: default
      path: /validate
  failurePolicy: Fail
  matchPolicy: Equivalent
--- a/certmanager/src/kustomization.yaml
+++ b/certmanager/src/kustomization.yaml
@@ -7,5 +7,4 @@ helmCharts:
    repo: https://charts.jetstack.io
    version: 1.17.0
    releaseName: cert-manager
-    namespace: cert-manager
    valuesFile: values.yaml
--- a/certmanager/src/values.yaml
+++ b/certmanager/src/values.yaml
@@ -3,3 +3,7 @@ crds:

 extraArgs:
  - --enable-gateway-api
+
+global:
+  leaderElection:
+    namespace: cert-manager