weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Adding the ability to set volumes and volumeMounts to all pods

Browse Source 
Signed-off-by: Aaron Aichlmayr <aaichlmayr@conquestcyber.com>
This commit is contained in:
Aaron Aichlmayr 2022-12-28 18:31:48 -06:00
parent 3115953b02
commit 0ce3553e7f
No known key found for this signature in database
GPG Key ID: 7FA6DE00691B6C1A
5 changed files with 44 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deploy/charts/cert-manager/templates/cainjector-deployment.yaml
View File

@ -90,6 +90,10 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.cainjector.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.cainjector.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -106,4 +110,8 @@ spec:
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.cainjector.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

11
deploy/charts/cert-manager/templates/startupapicheck-job.yaml
View File

@ -34,6 +34,9 @@ spec:
spec:
restartPolicy: OnFailure
serviceAccountName: {{ template "startupapicheck.serviceAccountName" . }}
{{- if hasKey .Values.startupapicheck "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.startupapicheck.automountServiceAccountToken }}
{{- end }}
{{- with .Values.global.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
@ -62,6 +65,10 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.startupapicheck.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.startupapicheck.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
@ -74,4 +81,8 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.startupapicheck.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

14
deploy/charts/cert-manager/templates/webhook-deployment.yaml
View File

@ -146,10 +146,15 @@ spec:
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if .Values.webhook.config }}
{{- if or .Values.webhook.config (gt (len .Values.webhook.volumeMounts) 0) }}
volumeMounts:
{{- if .Values.webhook.config }}
- name: config
mountPath: /var/cert-manager/config
{{- end }}
{{- if (gt (len .Values.webhook.volumeMounts) 0) }}
{{- toYaml .Values.webhook.volumeMounts | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.webhook.nodeSelector }}
nodeSelector:
@ -167,9 +172,14 @@ spec:
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.webhook.config }}
{{- if or .Values.webhook.config (gt (len .Values.webhook.volumes) 0) }}
volumes:
{{- if .Values.webhook.config }}
- name: config
configMap:
name: {{ include "webhook.fullname" . }}
{{- end }}
{{- if (gt (len .Values.webhook.volumes) 0) }}
{{- toYaml .Values.webhook.volumes | nindent 8 }}
{{- end }}
{{- end }}

2
deploy/charts/cert-manager/templates/webhook-psp-clusterrole.yaml
View File

@ -15,4 +15,4 @@ rules:
verbs: ['use']
resourceNames:
- {{ template "webhook.fullname" . }}
{{- end }}
{{- end }}

12
deploy/charts/cert-manager/values.yaml
View File

@ -424,6 +424,9 @@ webhook:
- ipBlock:
cidr: 0.0.0.0/0
volumes: []
volumeMounts: []
cainjector:
enabled: true
replicaCount: 1
@ -512,6 +515,9 @@ cainjector:
# Automounting API credentials for a particular pod
# automountServiceAccountToken: true
volumes: []
volumeMounts: []
acmesolver:
image:
repository: quay.io/jetstack/cert-manager-acmesolver
@ -609,6 +615,9 @@ startupapicheck:
helm.sh/hook-weight: "-5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
# Automounting API credentials for a particular pod
# automountServiceAccountToken: true
serviceAccount:
# Specifies whether a service account should be created
create: true
@ -628,3 +637,6 @@ startupapicheck:
# Optional additional labels to add to the startupapicheck's ServiceAccount
# labels: {}
volumes: []
volumeMounts: []