weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #2642 from meyskens/manifest-phase1

Browse Source 
Put OpenShift specific RBAC in all manifests
This commit is contained in:
jetstack-bot 2020-03-04 13:02:58 +00:00 committed by GitHub
commit f2c462d29f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/charts/cert-manager/templates/rbac.yaml
View File

@ -213,14 +213,12 @@ rules:
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
{{- if .Values.global.isOpenshift }}
# We require the ability to specify a custom hostname when we are creating
# new ingress resources.
# See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
- apiGroups: ["route.openshift.io"]
resources: ["routes/custom-host"]
verbs: ["create"]
{{- end }}
# We require these rules to support users with the OwnerReferencesPermissionEnforcement
# admission controller enabled:
# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement

1
deploy/charts/cert-manager/values.yaml
View File

@ -6,7 +6,6 @@ global:
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
##
imagePullSecrets: []
isOpenshift: false
# - name: "image-pull-secret"
# Optional priority class to be used for the cert-manager pods

4
deploy/manifests/BUILD.bazel
View File

@ -14,9 +14,7 @@ VARIANTS = {
"cert-manager-no-webhook": {
"webhook.enabled": "false",
},
"cert-manager-openshift": {
"global.isOpenshift": "true",
},
"cert-manager-openshift": {},
}
[helm_tmpl(