forked from hswaw/hscloud
cluster/kube: minor cert-manager cleanups, disable webhooks by default
This commit is contained in:
parent
79ddbc57d9
commit
2afe604595
1 changed files with 10 additions and 21 deletions
|
@ -10,6 +10,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
|
||||
cfg:: {
|
||||
namespace: "cert-manager",
|
||||
enableWebhook: false,
|
||||
},
|
||||
|
||||
metadata:: {
|
||||
|
@ -518,7 +519,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: env.metadata,
|
||||
spec: {
|
||||
secretName: "cert-manager-webhook-ca",
|
||||
duration: "43800h", // 5 years
|
||||
duration: "43800h0m0s", // 5 years
|
||||
issuerRef: {
|
||||
name: env.issuers.webhookSelfsign.metadata.name,
|
||||
},
|
||||
|
@ -530,7 +531,7 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
metadata+: env.metadata,
|
||||
spec: {
|
||||
secretName: "cert-manager-webhook-webhook-tls",
|
||||
duration: "8760h", // 1 year
|
||||
duration: "8760h0m0s", // 1 year
|
||||
issuerRef: {
|
||||
name: env.issuers.webhookSelfsign.metadata.name,
|
||||
},
|
||||
|
@ -545,11 +546,10 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
admission: kube._Object("admissionregistration.k8s.io/v1beta1", "ValidatingWebhookConfiguration", "cert-manager-webhook") {
|
||||
metadata+: {
|
||||
annotations: {
|
||||
"certmanager.k8s.io/inject-apiserver-ca": "true",
|
||||
},
|
||||
},
|
||||
webhooks: [
|
||||
// Copied from official yaml
|
||||
// Copied from official yaml
|
||||
webhooks: if cfg.enableWebhook then [
|
||||
{
|
||||
"name": "certificates.admission.certmanager.k8s.io",
|
||||
"namespaceSelector": {
|
||||
|
@ -691,29 +691,18 @@ local kube = import "../../../kube/kube.libsonnet";
|
|||
"caBundle": "",
|
||||
}
|
||||
}
|
||||
],
|
||||
] else [],
|
||||
},
|
||||
},
|
||||
|
||||
/*
|
||||
Issuer(name):: {
|
||||
local cfg = self,
|
||||
spec:: error "spec must be specified",
|
||||
metadata:: {
|
||||
namespace: "cert-manager",
|
||||
},
|
||||
|
||||
issuer: kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
|
||||
metadata+: cfg.metadata,
|
||||
spec: cfg.spec,
|
||||
},
|
||||
},
|
||||
*/
|
||||
|
||||
Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
|
||||
spec: error "spec must be specified",
|
||||
},
|
||||
|
||||
ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) {
|
||||
spec: error "spec must be specified",
|
||||
},
|
||||
|
||||
Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
|
||||
spec: error "spec must be specified",
|
||||
},
|
||||
|
|
Loading…
Reference in a new issue