From 8e9bf46cb6385bd06a0de170804326b7ea629d35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Na=CC=88gele?= Date: Mon, 18 Dec 2017 14:59:59 +0100 Subject: [PATCH 1/4] Enhance Helm chart and apply best practices * Update Chart.yaml * Make templates namespaced * Update config table in README.md * Apply best practices for RBAC (see https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/rbac.md) * Add extra args for cert-manager container * Make list indentation consistent * Apply standard labels on all resources * Add some content to NOTES.txt --- .gitignore | 1 + contrib/charts/cert-manager/Chart.yaml | 12 +++++- contrib/charts/cert-manager/README.md | 27 ++++++++----- .../charts/cert-manager/templates/NOTES.txt | 5 +++ .../cert-manager/templates/_helpers.tpl | 14 +++++-- .../templates/certificate-crd.yaml | 7 +++- .../templates/clusterissuer-crd.yaml | 5 +++ .../cert-manager/templates/deployment.yaml | 29 +++++++------- .../cert-manager/templates/issuer-crd.yaml | 14 ++++++- .../charts/cert-manager/templates/rbac.yaml | 40 +++++++++---------- .../templates/serviceaccount.yaml | 8 ++-- contrib/charts/cert-manager/values.yaml | 18 +++++++-- 12 files changed, 123 insertions(+), 57 deletions(-) diff --git a/.gitignore b/.gitignore index 1478b23db..cb169b1e8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ .DS_Store +.idea /acmesolver /controller /hack/build/dockerfiles/cert-manager-*_*_* diff --git a/contrib/charts/cert-manager/Chart.yaml b/contrib/charts/cert-manager/Chart.yaml index b892d8bdd..3c48f8891 100644 --- a/contrib/charts/cert-manager/Chart.yaml +++ b/contrib/charts/cert-manager/Chart.yaml @@ -1,4 +1,12 @@ -apiVersion: v1 -description: A Helm chart for Kubernetes name: cert-manager version: 0.1.0 +appVersion: 0.2.2 +description: A Helm chart for cert-manager +home: https://github.com/jetstack/cert-manager +keywords: + - cert-manager + - kube-lego + - letsencrypt + - tls +sources: + - https://github.com/jetstack/cert-manager diff --git a/contrib/charts/cert-manager/README.md b/contrib/charts/cert-manager/README.md index 139fe1940..4efbd9c94 100644 --- a/contrib/charts/cert-manager/README.md +++ b/contrib/charts/cert-manager/README.md @@ -44,15 +44,24 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the cert-manager chart and their default values. -| Parameter | Description | Default | -| ---------------------- | --------------------------------------- | ---------------------------------------------- | -| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v0.2.3` | -| `image.pullPolicy` | Image pull policy | `Always` | -| `replicaCount` | Number of cert-manager replicas | `1` | -| `createCustomResource` | Create CRD/TPR with this release | `true` | -| `rbac.enabled` | Create RBAC resources with this release | `true` | -| `resources` | CPU/Memory resource requests/limits | `None` | +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | +| `image.tag` | Image tag | `v0.2.3` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `replicaCount` | Number of cert-manager replicas | `1` | +| `createCustomResource` | Create CRD/TPR with this release | `true` | +| `extraArgs` | Optional flags for cert-manager | `[]` | +| `rbac.create` | If true, create & use RBAC resources | `true` +| `rbac.serviceAccountName` | ServiceAccount to be used (ignored if rbac.create=true) | `default` +| `resources` | CPU/memory resource requests/limits | `requests: {cpu: 10m, memory: 32Mi}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `ingressShim.enabled` | Enable ingress-shim for automatic ingress integration | `true`| +| `ingressShim.extraArgs` | Optional flags for ingress-shim | `[]` | +| `ingressShim.resources` | CPU/memory resource requests/limits for ingress-shim | `requests: {cpu: 10m, memory: 32Mi}` | +| `ingressShim.image.repository` | Image repository for ingress-shim | `quay.io/jetstack/cert-manager-ingress-shim` | +| `ingressShim.image.tag` | Image tag for ingress-shim. Defaults to `image.tag` if empty | `` | +| `ingressShim.image.pullPolicy` | Image pull policy for ingress-shim | `IfNotPresent` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/contrib/charts/cert-manager/templates/NOTES.txt b/contrib/charts/cert-manager/templates/NOTES.txt index e69de29bb..547ca086a 100644 --- a/contrib/charts/cert-manager/templates/NOTES.txt +++ b/contrib/charts/cert-manager/templates/NOTES.txt @@ -0,0 +1,5 @@ +cert-manager has been deployed successfully! + +You may now go ahead and create issuers and certificates. + +See https://github.com/jetstack/cert-manager/blob/master/docs/README.md diff --git a/contrib/charts/cert-manager/templates/_helpers.tpl b/contrib/charts/cert-manager/templates/_helpers.tpl index f0d83d2ed..82d3f3a7d 100644 --- a/contrib/charts/cert-manager/templates/_helpers.tpl +++ b/contrib/charts/cert-manager/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "name" -}} +{{- define "cert-manager.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} @@ -10,7 +10,15 @@ Expand the name of the chart. Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} -{{- define "fullname" -}} +{{- define "cert-manager.fullname" -}} {{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- $fullname := printf "%s-%s" $name .Release.Name -}} +{{- default $fullname .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "cert-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} diff --git a/contrib/charts/cert-manager/templates/certificate-crd.yaml b/contrib/charts/cert-manager/templates/certificate-crd.yaml index e674a058d..33b3600c7 100644 --- a/contrib/charts/cert-manager/templates/certificate-crd.yaml +++ b/contrib/charts/cert-manager/templates/certificate-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: certificates.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 @@ -18,6 +23,6 @@ metadata: name: certificate.certmanager.k8s.io description: "A specification for a cert-manager certificate" versions: -- name: v1alpha1 + - name: v1alpha1 {{- end -}} {{- end -}} diff --git a/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml b/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml index 28edce370..54275647e 100644 --- a/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml +++ b/contrib/charts/cert-manager/templates/clusterissuer-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterissuers.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 diff --git a/contrib/charts/cert-manager/templates/deployment.yaml b/contrib/charts/cert-manager/templates/deployment.yaml index 8d4dc47c1..ffddb22ff 100644 --- a/contrib/charts/cert-manager/templates/deployment.yaml +++ b/contrib/charts/cert-manager/templates/deployment.yaml @@ -1,40 +1,41 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1beta1 kind: Deployment metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: Recreate template: metadata: labels: - app: {{ template "name" . }} + app: {{ template "cert-manager.name" . }} release: {{ .Release.Name }} spec: - serviceAccount: {{ template "fullname" . }} - serviceAccountName: {{ template "fullname" . }} + serviceAccountName: {{ if .Values.rbac.create }}{{ template "cert-manager.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.extraArgs }} args: -{{- range .Values.extraArgs }} - - {{ . }} -{{- end }} +{{ toYaml .Values.extraArgs | indent 12 }} + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.ingressShim.enabled }} - name: ingress-shim - image: "{{ .Values.ingressShim.image.repository }}:{{ default .Values.ingressShim.image.tag | default .Values.image.tag }}" + image: "{{ .Values.ingressShim.image.repository }}:{{ default .Values.ingressShim.image.tag .Values.image.tag }}" imagePullPolicy: {{ .Values.ingressShim.image.pullPolicy }} + {{- if .Values.ingressShim.extraArgs }} args: -{{- range .Values.ingressShim.extraArgs }} - - {{ . }} -{{- end }} +{{ toYaml .Values.ingressShim.extraArgs | indent 12 }} + {{- end }} resources: {{ toYaml .Values.ingressShim.resources | indent 12 }} {{- end }} diff --git a/contrib/charts/cert-manager/templates/issuer-crd.yaml b/contrib/charts/cert-manager/templates/issuer-crd.yaml index 10f5618fa..6827b7101 100644 --- a/contrib/charts/cert-manager/templates/issuer-crd.yaml +++ b/contrib/charts/cert-manager/templates/issuer-crd.yaml @@ -4,6 +4,11 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: issuers.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: group: certmanager.k8s.io version: v1alpha1 @@ -11,13 +16,18 @@ spec: kind: Issuer plural: issuers scope: Namespaced -{{ else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} +{{ else if .Capabilities.APIVersions.Has "extensions/v1beta1" }} apiVersion: extensions/v1beta1 kind: ThirdPartyResource metadata: name: issuer.certmanager.k8s.io + labels: + app: {{ template "cert-manager.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} description: "A specification for a cert-manager issuer" versions: -- name: v1alpha1 + - name: v1alpha1 {{- end -}} {{- end -}} diff --git a/contrib/charts/cert-manager/templates/rbac.yaml b/contrib/charts/cert-manager/templates/rbac.yaml index 27afe516f..68a3d4ed7 100644 --- a/contrib/charts/cert-manager/templates/rbac.yaml +++ b/contrib/charts/cert-manager/templates/rbac.yaml @@ -1,39 +1,39 @@ -{{- if .Values.rbac.enabled -}} +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} rules: -- apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "issuers", "clusterissuers"] - verbs: ["*"] -- apiGroups: [""] - resources: ["secrets", "events", "endpoints", "services", "pods"] - verbs: ["*"] -- apiGroups: ["extensions"] - resources: ["ingresses"] - verbs: ["*"] + - apiGroups: ["certmanager.k8s.io"] + resources: ["certificates", "issuers", "clusterissuers"] + verbs: ["*"] + - apiGroups: [""] + resources: ["secrets", "events", "endpoints", "services", "pods"] + verbs: ["*"] + - apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} subjects: -- name: {{ template "fullname" . }} - namespace: {{ .Release.Namespace | quote }} - kind: ServiceAccount + - name: {{ template "cert-manager.fullname" . }} + namespace: {{ .Release.Namespace | quote }} + kind: ServiceAccount {{- end -}} diff --git a/contrib/charts/cert-manager/templates/serviceaccount.yaml b/contrib/charts/cert-manager/templates/serviceaccount.yaml index b65d4c92a..34d2e11d6 100644 --- a/contrib/charts/cert-manager/templates/serviceaccount.yaml +++ b/contrib/charts/cert-manager/templates/serviceaccount.yaml @@ -1,9 +1,11 @@ +{{- if .Values.rbac.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "fullname" . }} + name: {{ template "cert-manager.fullname" . }} labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app: {{ template "cert-manager.name" . }} + chart: {{ template "cert-manager.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- end -}} diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml index c2ad895b2..a4f14abe8 100644 --- a/contrib/charts/cert-manager/values.yaml +++ b/contrib/charts/cert-manager/values.yaml @@ -6,12 +6,17 @@ replicaCount: 1 image: repository: quay.io/jetstack/cert-manager-controller tag: v0.2.3 - pullPolicy: Always + pullPolicy: IfNotPresent createCustomResource: true rbac: - enabled: true + create: true + serviceAccountName: default + +# Optional additional arguments +extraArgs: [] + # - --cluster-resource-namespace=ingress resources: requests: @@ -21,17 +26,24 @@ resources: # Optional additional arguments for cert-manager extraArgs: [] +nodeSelector: {} + ingressShim: enabled: true + # Optional additional arguments for ingress-shim extraArgs: [] + resources: requests: cpu: 10m memory: 32Mi + image: repository: quay.io/jetstack/cert-manager-ingress-shim + # Defaults to image.tag. # You should only change this if you know what you are doing! # tag: v0.2.3 - pullPolicy: Always + + pullPolicy: IfNotPresent From f21704833e44a37dd6b525e2abe06deb268c6831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Na=CC=88gele?= Date: Tue, 19 Dec 2017 16:30:47 +0100 Subject: [PATCH 2/4] Bump chart version and apply fixes --- contrib/charts/cert-manager/Chart.yaml | 2 +- contrib/charts/cert-manager/templates/deployment.yaml | 2 +- contrib/charts/cert-manager/values.yaml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/contrib/charts/cert-manager/Chart.yaml b/contrib/charts/cert-manager/Chart.yaml index 3c48f8891..c57c0fc57 100644 --- a/contrib/charts/cert-manager/Chart.yaml +++ b/contrib/charts/cert-manager/Chart.yaml @@ -1,5 +1,5 @@ name: cert-manager -version: 0.1.0 +version: 0.2.0 appVersion: 0.2.2 description: A Helm chart for cert-manager home: https://github.com/jetstack/cert-manager diff --git a/contrib/charts/cert-manager/templates/deployment.yaml b/contrib/charts/cert-manager/templates/deployment.yaml index ffddb22ff..b3f656ef5 100644 --- a/contrib/charts/cert-manager/templates/deployment.yaml +++ b/contrib/charts/cert-manager/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: app: {{ template "cert-manager.name" . }} release: {{ .Release.Name }} spec: - serviceAccountName: {{ if .Values.rbac.create }}{{ template "cert-manager.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} + serviceAccountName: {{ if .Values.rbac.create }}{{ template "cert-manager.fullname" . }}{{ else }}{{ .Values.rbac.serviceAccountName | quote }}{{ end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml index a4f14abe8..967df1891 100644 --- a/contrib/charts/cert-manager/values.yaml +++ b/contrib/charts/cert-manager/values.yaml @@ -16,7 +16,9 @@ rbac: # Optional additional arguments extraArgs: [] - # - --cluster-resource-namespace=ingress + # Use this flag to set a namespace that cert-manager will use to store + # supporting resources required for each ClusterIssuer (default is kube-system) + # - --cluster-resource-namespace=kube-system resources: requests: From 8a38db95ad286b50d44767be03d8d26299d125bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Na=CC=88gele?= Date: Thu, 11 Jan 2018 14:36:14 +0100 Subject: [PATCH 3/4] Apply revised RBAC best practices --- contrib/charts/cert-manager/Chart.yaml | 2 +- contrib/charts/cert-manager/README.md | 5 +++-- contrib/charts/cert-manager/templates/_helpers.tpl | 11 +++++++++++ contrib/charts/cert-manager/templates/deployment.yaml | 2 +- contrib/charts/cert-manager/templates/rbac.yaml | 2 +- .../charts/cert-manager/templates/serviceaccount.yaml | 4 ++-- contrib/charts/cert-manager/values.yaml | 9 ++++++++- 7 files changed, 27 insertions(+), 8 deletions(-) diff --git a/contrib/charts/cert-manager/Chart.yaml b/contrib/charts/cert-manager/Chart.yaml index c57c0fc57..27be5859e 100644 --- a/contrib/charts/cert-manager/Chart.yaml +++ b/contrib/charts/cert-manager/Chart.yaml @@ -1,6 +1,6 @@ name: cert-manager version: 0.2.0 -appVersion: 0.2.2 +appVersion: 0.2.3 description: A Helm chart for cert-manager home: https://github.com/jetstack/cert-manager keywords: diff --git a/contrib/charts/cert-manager/README.md b/contrib/charts/cert-manager/README.md index 4efbd9c94..e49cfd432 100644 --- a/contrib/charts/cert-manager/README.md +++ b/contrib/charts/cert-manager/README.md @@ -52,8 +52,9 @@ The following tables lists the configurable parameters of the cert-manager chart | `replicaCount` | Number of cert-manager replicas | `1` | | `createCustomResource` | Create CRD/TPR with this release | `true` | | `extraArgs` | Optional flags for cert-manager | `[]` | -| `rbac.create` | If true, create & use RBAC resources | `true` -| `rbac.serviceAccountName` | ServiceAccount to be used (ignored if rbac.create=true) | `default` +| `rbac.create` | If `true`, create and use RBAC resources | `true` +| `serviceAccount.create` | If `true`, create a new service account | `true` +| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` | `resources` | CPU/memory resource requests/limits | `requests: {cpu: 10m, memory: 32Mi}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `ingressShim.enabled` | Enable ingress-shim for automatic ingress integration | `true`| diff --git a/contrib/charts/cert-manager/templates/_helpers.tpl b/contrib/charts/cert-manager/templates/_helpers.tpl index 82d3f3a7d..5883b323d 100644 --- a/contrib/charts/cert-manager/templates/_helpers.tpl +++ b/contrib/charts/cert-manager/templates/_helpers.tpl @@ -22,3 +22,14 @@ Create chart name and version as used by the chart label. {{- define "cert-manager.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "cert-manager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "cert-manager.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/contrib/charts/cert-manager/templates/deployment.yaml b/contrib/charts/cert-manager/templates/deployment.yaml index b3f656ef5..953a9b59a 100644 --- a/contrib/charts/cert-manager/templates/deployment.yaml +++ b/contrib/charts/cert-manager/templates/deployment.yaml @@ -17,7 +17,7 @@ spec: app: {{ template "cert-manager.name" . }} release: {{ .Release.Name }} spec: - serviceAccountName: {{ if .Values.rbac.create }}{{ template "cert-manager.fullname" . }}{{ else }}{{ .Values.rbac.serviceAccountName | quote }}{{ end }} + serviceAccountName: {{ template "cert-manager.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/contrib/charts/cert-manager/templates/rbac.yaml b/contrib/charts/cert-manager/templates/rbac.yaml index 68a3d4ed7..8eda9ec7d 100644 --- a/contrib/charts/cert-manager/templates/rbac.yaml +++ b/contrib/charts/cert-manager/templates/rbac.yaml @@ -33,7 +33,7 @@ roleRef: kind: ClusterRole name: {{ template "cert-manager.fullname" . }} subjects: - - name: {{ template "cert-manager.fullname" . }} + - name: {{ template "cert-manager.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} kind: ServiceAccount {{- end -}} diff --git a/contrib/charts/cert-manager/templates/serviceaccount.yaml b/contrib/charts/cert-manager/templates/serviceaccount.yaml index 34d2e11d6..42f92a581 100644 --- a/contrib/charts/cert-manager/templates/serviceaccount.yaml +++ b/contrib/charts/cert-manager/templates/serviceaccount.yaml @@ -1,8 +1,8 @@ -{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "cert-manager.fullname" . }} + name: {{ template "cert-manager.serviceAccountName" . }} labels: app: {{ template "cert-manager.name" . }} chart: {{ template "cert-manager.chart" . }} diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml index 967df1891..f05d88743 100644 --- a/contrib/charts/cert-manager/values.yaml +++ b/contrib/charts/cert-manager/values.yaml @@ -11,8 +11,15 @@ image: createCustomResource: true rbac: + # Specifies whether RBAC resources should be created create: true - serviceAccountName: default + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: # Optional additional arguments extraArgs: [] From fe904f40650aa26e57d4fa7a72bea131e4821293 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Reinhard=20Na=CC=88gele?= Date: Tue, 16 Jan 2018 15:54:50 +0100 Subject: [PATCH 4/4] Remove redundant 'extraArgs' from values.yaml --- contrib/charts/cert-manager/values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/contrib/charts/cert-manager/values.yaml b/contrib/charts/cert-manager/values.yaml index f05d88743..b290ed98d 100644 --- a/contrib/charts/cert-manager/values.yaml +++ b/contrib/charts/cert-manager/values.yaml @@ -32,9 +32,6 @@ resources: cpu: 10m memory: 32Mi -# Optional additional arguments for cert-manager -extraArgs: [] - nodeSelector: {} ingressShim: