diff --git a/deploy/manifests/with-rbac-webhook.yaml b/deploy/manifests/cert-manager-webhook.yaml similarity index 89% rename from deploy/manifests/with-rbac-webhook.yaml rename to deploy/manifests/cert-manager-webhook.yaml index b5930b4fb67..0dbaef3f3d7 100644 --- a/deploy/manifests/with-rbac-webhook.yaml +++ b/deploy/manifests/cert-manager-webhook.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: webhook + name: cert-manager namespace: "cert-manager" labels: app: webhook @@ -20,7 +20,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: webhook:auth-delegator + name: cert-manager:auth-delegator labels: app: webhook chart: webhook-v0.6.0-dev.3 @@ -33,7 +33,7 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: webhook + name: cert-manager namespace: cert-manager --- @@ -44,7 +44,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: - name: webhook:webhook-authentication-reader + name: cert-manager:webhook-authentication-reader namespace: kube-system labels: app: webhook @@ -58,7 +58,7 @@ roleRef: subjects: - apiGroup: "" kind: ServiceAccount - name: webhook + name: cert-manager namespace: cert-manager --- @@ -66,7 +66,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: webhook:webhook-requester + name: cert-manager:webhook-requester labels: app: webhook chart: webhook-v0.6.0-dev.3 @@ -87,7 +87,7 @@ rules: apiVersion: v1 kind: Service metadata: - name: webhook + name: cert-manager namespace: "cert-manager" labels: app: webhook @@ -109,7 +109,7 @@ spec: apiVersion: apps/v1beta1 kind: Deployment metadata: - name: webhook + name: cert-manager namespace: "cert-manager" labels: app: webhook @@ -129,7 +129,7 @@ spec: release: webhook annotations: spec: - serviceAccountName: webhook + serviceAccountName: cert-manager containers: - name: webhook image: "quay.io/jetstack/cert-manager-webhook:canary" @@ -156,7 +156,7 @@ spec: volumes: - name: certs secret: - secretName: webhook-webhook-tls + secretName: cert-manager-webhook-tls --- # Source: webhook/templates/ca-sync.yaml @@ -167,7 +167,7 @@ spec: apiVersion: batch/v1beta1 kind: CronJob metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync namespace: "cert-manager" labels: app: webhook @@ -183,7 +183,7 @@ spec: labels: app: ca-helper spec: - serviceAccountName: webhook-ca-sync + serviceAccountName: cert-manager-ca-sync restartPolicy: OnFailure containers: - name: ca-helper @@ -204,12 +204,12 @@ spec: volumes: - name: config configMap: - name: webhook-ca-sync + name: cert-manager-ca-sync --- apiVersion: batch/v1 kind: Job metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync namespace: "cert-manager" labels: app: webhook @@ -222,7 +222,7 @@ spec: labels: app: ca-helper spec: - serviceAccountName: webhook-ca-sync + serviceAccountName: cert-manager-ca-sync restartPolicy: OnFailure containers: - name: ca-helper @@ -243,12 +243,12 @@ spec: volumes: - name: config configMap: - name: webhook-ca-sync + name: cert-manager-ca-sync --- apiVersion: v1 kind: ConfigMap metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync namespace: "cert-manager" labels: app: webhook @@ -262,7 +262,7 @@ data: { "name": "v1beta1.admission.certmanager.k8s.io", "secret": { - "name": "webhook-ca", + "name": "cert-manager-ca", "namespace": "cert-manager", "key": "tls.crt" } @@ -270,7 +270,7 @@ data: ], "validatingWebhookConfigurations": [ { - "name": "webhook", + "name": "cert-manager", "file": { "path": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" } @@ -281,7 +281,7 @@ data: apiVersion: v1 kind: ServiceAccount metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync namespace: "cert-manager" labels: app: webhook @@ -292,7 +292,7 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync labels: app: webhook chart: webhook-v0.6.0-dev.3 @@ -303,12 +303,12 @@ rules: resources: ["secrets"] verbs: ["get"] resourceNames: - - webhook-ca + - cert-manager-ca - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] verbs: ["get", "update"] resourceNames: - - webhook + - cert-manager - apiGroups: ["apiregistration.k8s.io"] resources: ["apiservices"] verbs: ["get", "update"] @@ -318,7 +318,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: - name: webhook-ca-sync + name: cert-manager-ca-sync labels: app: webhook chart: webhook-v0.6.0-dev.3 @@ -327,9 +327,9 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: webhook-ca-sync + name: cert-manager-ca-sync subjects: - - name: webhook-ca-sync + - name: cert-manager-ca-sync namespace: cert-manager kind: ServiceAccount @@ -349,7 +349,7 @@ spec: groupPriorityMinimum: 1000 versionPriority: 15 service: - name: webhook + name: cert-manager namespace: "cert-manager" version: v1beta1 @@ -361,7 +361,7 @@ spec: apiVersion: certmanager.k8s.io/v1alpha1 kind: Issuer metadata: - name: webhook-selfsign + name: cert-manager-selfsign namespace: "cert-manager" labels: app: webhook @@ -377,7 +377,7 @@ spec: apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: - name: webhook-ca + name: cert-manager-ca namespace: "cert-manager" labels: app: webhook @@ -385,9 +385,9 @@ metadata: release: webhook heritage: Tiller spec: - secretName: webhook-ca + secretName: cert-manager-ca issuerRef: - name: webhook-selfsign + name: cert-manager-selfsign commonName: "ca.webhook.cert-manager" isCA: true @@ -397,7 +397,7 @@ spec: apiVersion: certmanager.k8s.io/v1alpha1 kind: Issuer metadata: - name: webhook-ca + name: cert-manager-ca namespace: "cert-manager" labels: app: webhook @@ -406,7 +406,7 @@ metadata: heritage: Tiller spec: ca: - secretName: webhook-ca + secretName: cert-manager-ca --- @@ -414,7 +414,7 @@ spec: apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: - name: webhook-webhook-tls + name: cert-manager-webhook-tls namespace: "cert-manager" labels: app: webhook @@ -422,20 +422,20 @@ metadata: release: webhook heritage: Tiller spec: - secretName: webhook-webhook-tls + secretName: cert-manager-webhook-tls issuerRef: - name: webhook-ca + name: cert-manager-ca dnsNames: - - webhook - - webhook.cert-manager - - webhook.cert-manager.svc + - cert-manager + - cert-manager.cert-manager + - cert-manager.cert-manager.svc --- # Source: webhook/templates/validating-webhook.yaml apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration metadata: - name: webhook + name: cert-manager labels: app: webhook chart: webhook-v0.6.0-dev.3 diff --git a/deploy/manifests/with-rbac.yaml b/deploy/manifests/cert-manager.yaml similarity index 100% rename from deploy/manifests/with-rbac.yaml rename to deploy/manifests/cert-manager.yaml diff --git a/hack/deploy/rbac-values.yaml b/deploy/manifests/helm-values.yaml similarity index 80% rename from hack/deploy/rbac-values.yaml rename to deploy/manifests/helm-values.yaml index 112a30e1165..6aca82357bf 100644 --- a/hack/deploy/rbac-values.yaml +++ b/deploy/manifests/helm-values.yaml @@ -1,3 +1,5 @@ +fullnameOverride: cert-manager + resources: requests: cpu: 10m diff --git a/deploy/manifests/without-rbac-webhook.yaml b/deploy/manifests/without-rbac-webhook.yaml deleted file mode 100644 index b5930b4fb67..00000000000 --- a/deploy/manifests/without-rbac-webhook.yaml +++ /dev/null @@ -1,526 +0,0 @@ ---- -# Source: webhook/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - name: webhook - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller - ---- -# Source: webhook/templates/rbac.yaml -### Webhook ### ---- -# apiserver gets the auth-delegator role to delegate auth decisions to -# the core apiserver -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: webhook:auth-delegator - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- apiGroup: "" - kind: ServiceAccount - name: webhook - namespace: cert-manager - ---- - -# apiserver gets the ability to read authentication. This allows it to -# read the specific configmap that has the requestheader-* entries to -# api agg -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: webhook:webhook-authentication-reader - namespace: kube-system - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- apiGroup: "" - kind: ServiceAccount - name: webhook - namespace: cert-manager - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: webhook:webhook-requester - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -rules: -- apiGroups: - - admission.certmanager.k8s.io - resources: - - certificates - - issuers - - clusterissuers - verbs: - - create - ---- -# Source: webhook/templates/service.yaml -apiVersion: v1 -kind: Service -metadata: - name: webhook - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - type: ClusterIP - ports: - - name: https - port: 443 - targetPort: 6443 - selector: - app: webhook - release: webhook - ---- -# Source: webhook/templates/deployment.yaml -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: webhook - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - replicas: 1 - selector: - matchLabels: - app: webhook - release: webhook - template: - metadata: - labels: - app: webhook - release: webhook - annotations: - spec: - serviceAccountName: webhook - containers: - - name: webhook - image: "quay.io/jetstack/cert-manager-webhook:canary" - imagePullPolicy: Always - args: - - --v=12 - - --secure-port=6443 - - --tls-cert-file=/certs/tls.crt - - --tls-private-key-file=/certs/tls.key - - --disable-admission-plugins=NamespaceLifecycle,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,Initializers - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - requests: - cpu: 10m - memory: 32Mi - - volumeMounts: - - name: certs - mountPath: /certs - volumes: - - name: certs - secret: - secretName: webhook-webhook-tls - ---- -# Source: webhook/templates/ca-sync.yaml -## This file contains a CronJob that runs every 24h to automatically update the -## caBundle set on the APIService and ValidatingWebhookConfiguration resource. -## This allows us to store the CA bundle in a Secret resource which is -## generated by cert-manager's 'selfsigned' Issuer. -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: webhook-ca-sync - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - schedule: "* * */24 * *" - jobTemplate: - spec: - template: - metadata: - labels: - app: ca-helper - spec: - serviceAccountName: webhook-ca-sync - restartPolicy: OnFailure - containers: - - name: ca-helper - image: quay.io/munnerz/apiextensions-ca-helper:v0.1.0 - imagePullPolicy: IfNotPresent - args: - - -config=/config/config - volumeMounts: - - name: config - mountPath: /config - resources: - requests: - cpu: 10m - memory: 32Mi - limits: - cpu: 100m - memory: 128Mi - volumes: - - name: config - configMap: - name: webhook-ca-sync ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: webhook-ca-sync - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - template: - metadata: - labels: - app: ca-helper - spec: - serviceAccountName: webhook-ca-sync - restartPolicy: OnFailure - containers: - - name: ca-helper - image: quay.io/munnerz/apiextensions-ca-helper:v0.1.0 - imagePullPolicy: IfNotPresent - args: - - -config=/config/config - volumeMounts: - - name: config - mountPath: /config - resources: - requests: - cpu: 10m - memory: 32Mi - limits: - cpu: 100m - memory: 128Mi - volumes: - - name: config - configMap: - name: webhook-ca-sync ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: webhook-ca-sync - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -data: - config: |- - { - "apiServices": [ - { - "name": "v1beta1.admission.certmanager.k8s.io", - "secret": { - "name": "webhook-ca", - "namespace": "cert-manager", - "key": "tls.crt" - } - } - ], - "validatingWebhookConfigurations": [ - { - "name": "webhook", - "file": { - "path": "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - } - } - ] - } ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: webhook-ca-sync - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: webhook-ca-sync - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - resourceNames: - - webhook-ca - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["get", "update"] - resourceNames: - - webhook - - apiGroups: ["apiregistration.k8s.io"] - resources: ["apiservices"] - verbs: ["get", "update"] - resourceNames: - - v1beta1.admission.certmanager.k8s.io ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: webhook-ca-sync - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: webhook-ca-sync -subjects: - - name: webhook-ca-sync - namespace: cert-manager - kind: ServiceAccount - ---- -# Source: webhook/templates/apiservice.yaml -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1beta1.admission.certmanager.k8s.io - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - group: admission.certmanager.k8s.io - groupPriorityMinimum: 1000 - versionPriority: 15 - service: - name: webhook - namespace: "cert-manager" - version: v1beta1 - ---- -# Source: webhook/templates/pki.yaml ---- -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer -metadata: - name: webhook-selfsign - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - selfsigned: {} - ---- - -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: webhook-ca - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - secretName: webhook-ca - issuerRef: - name: webhook-selfsign - commonName: "ca.webhook.cert-manager" - isCA: true - ---- - -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Issuer -metadata: - name: webhook-ca - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - ca: - secretName: webhook-ca - ---- - -# Finally, generate a serving certificate for the webhook to use -apiVersion: certmanager.k8s.io/v1alpha1 -kind: Certificate -metadata: - name: webhook-webhook-tls - namespace: "cert-manager" - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -spec: - secretName: webhook-webhook-tls - issuerRef: - name: webhook-ca - dnsNames: - - webhook - - webhook.cert-manager - - webhook.cert-manager.svc - ---- -# Source: webhook/templates/validating-webhook.yaml -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: webhook - labels: - app: webhook - chart: webhook-v0.6.0-dev.3 - release: webhook - heritage: Tiller -webhooks: - - name: certificates.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: "certmanager.k8s.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager - rules: - - apiGroups: - - "certmanager.k8s.io" - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - certificates - failurePolicy: Fail - clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/certificates - - name: issuers.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: "certmanager.k8s.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager - rules: - - apiGroups: - - "certmanager.k8s.io" - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - issuers - failurePolicy: Fail - clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/issuers - - name: clusterissuers.admission.certmanager.k8s.io - namespaceSelector: - matchExpressions: - - key: "certmanager.k8s.io/disable-validation" - operator: "NotIn" - values: - - "true" - - key: "name" - operator: "NotIn" - values: - - cert-manager - rules: - - apiGroups: - - "certmanager.k8s.io" - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - clusterissuers - failurePolicy: Fail - clientConfig: - service: - name: kubernetes - namespace: default - path: /apis/admission.certmanager.k8s.io/v1beta1/clusterissuers - diff --git a/deploy/manifests/without-rbac.yaml b/deploy/manifests/without-rbac.yaml deleted file mode 100644 index 1e3414d6c46..00000000000 --- a/deploy/manifests/without-rbac.yaml +++ /dev/null @@ -1,161 +0,0 @@ ---- -# Source: cert-manager/templates/00-namespace.yaml - -apiVersion: v1 -kind: Namespace -metadata: - name: "cert-manager" - labels: - name: "cert-manager" - certmanager.k8s.io/disable-validation: "true" - ---- -# Source: cert-manager/templates/certificate-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io - annotations: - "helm.sh/hook": crd-install - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - group: certmanager.k8s.io - version: v1alpha1 - scope: Namespaced - names: - kind: Certificate - plural: certificates - shortNames: - - cert - - certs - ---- -# Source: cert-manager/templates/challenge-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: challenges.certmanager.k8s.io - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Challenge - plural: challenges - scope: Namespaced ---- -# Source: cert-manager/templates/clusterissuer-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io - annotations: - "helm.sh/hook": crd-install - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster ---- -# Source: cert-manager/templates/issuer-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io - annotations: - "helm.sh/hook": crd-install - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Issuer - plural: issuers - scope: Namespaced ---- -# Source: cert-manager/templates/order-crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: orders.certmanager.k8s.io - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Order - plural: orders - scope: Namespaced ---- -# Source: cert-manager/templates/deployment.yaml -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: cert-manager - namespace: "cert-manager" - labels: - app: cert-manager - chart: cert-manager-v0.6.0-dev.6 - release: cert-manager - heritage: Tiller -spec: - replicas: 1 - selector: - matchLabels: - app: cert-manager - release: cert-manager - template: - metadata: - labels: - app: cert-manager - release: cert-manager - annotations: - spec: - serviceAccountName: default - containers: - - name: cert-manager - image: "quay.io/jetstack/cert-manager-controller:canary" - imagePullPolicy: Always - args: - - --cluster-resource-namespace=$(POD_NAMESPACE) - - --leader-election-namespace=$(POD_NAMESPACE) - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: - requests: - cpu: 10m - memory: 32Mi - - ---- -# Source: cert-manager/templates/rbac.yaml - ---- -# Source: cert-manager/templates/serviceaccount.yaml - diff --git a/hack/BUILD.bazel b/hack/BUILD.bazel index 40d95b79da9..4bec2cb4bf4 100644 --- a/hack/BUILD.bazel +++ b/hack/BUILD.bazel @@ -109,7 +109,6 @@ sh_test( data = [ ":update-deploy-gen", "//deploy:all-srcs", - "//hack/deploy:all-srcs", ], ) @@ -164,7 +163,6 @@ filegroup( ":package-srcs", "//hack/bin:all-srcs", "//hack/boilerplate:all-srcs", - "//hack/deploy:all-srcs", ], tags = ["automanaged"], visibility = ["//visibility:public"], diff --git a/hack/deploy/BUILD.bazel b/hack/deploy/BUILD.bazel deleted file mode 100644 index 6df04e38cd7..00000000000 --- a/hack/deploy/BUILD.bazel +++ /dev/null @@ -1,13 +0,0 @@ -filegroup( - name = "package-srcs", - srcs = glob(["**"]), - tags = ["automanaged"], - visibility = ["//visibility:private"], -) - -filegroup( - name = "all-srcs", - srcs = [":package-srcs"], - tags = ["automanaged"], - visibility = ["//visibility:public"], -) diff --git a/hack/deploy/without-rbac-values.yaml b/hack/deploy/without-rbac-values.yaml deleted file mode 100644 index afc09aa8c72..00000000000 --- a/hack/deploy/without-rbac-values.yaml +++ /dev/null @@ -1,16 +0,0 @@ -rbac: - create: false - -serviceAccount: - create: false - -resources: - requests: - cpu: 10m - memory: 32Mi - -ingressShim: - resources: - requests: - cpu: 10m - memory: 32Mi diff --git a/hack/update-deploy-gen.sh b/hack/update-deploy-gen.sh index 789043ba475..4365132e003 100755 --- a/hack/update-deploy-gen.sh +++ b/hack/update-deploy-gen.sh @@ -28,22 +28,20 @@ cd "${REPO_ROOT}" KUBE_VERSION=1.9 gen() { - VALUES=$1 - OUTPUT=$2 + OUTPUT=$1 TMP_OUTPUT=$(mktemp) TMP_OUTPUT_WEBHOOK=$(mktemp) mkdir -p "$(dirname ${OUTPUT})" helm template \ "${REPO_ROOT}/deploy/chart" \ - --values "${REPO_ROOT}/hack/deploy/${VALUES}.yaml" \ + --values "${REPO_ROOT}/deploy/manifests/helm-values.yaml" \ --kube-version "${KUBE_VERSION}" \ --namespace "cert-manager" \ --name "cert-manager" \ - --set "fullnameOverride=cert-manager" \ --set "createNamespaceResource=true" > "${TMP_OUTPUT}" helm template \ "${REPO_ROOT}/deploy/chart/webhook" \ - --values "${REPO_ROOT}/hack/deploy/${VALUES}.yaml" \ + --values "${REPO_ROOT}/deploy/manifests/helm-values.yaml" \ --kube-version "${KUBE_VERSION}" \ --namespace "cert-manager" \ --name "webhook" > "${TMP_OUTPUT_WEBHOOK}" @@ -54,5 +52,4 @@ gen() { export HELM_HOME="$(mktemp -d)" helm init --client-only helm dep update "${REPO_ROOT}/deploy/chart" -gen rbac-values "${REPO_ROOT}/deploy/manifests/with-rbac" -gen without-rbac-values "${REPO_ROOT}/deploy/manifests/without-rbac" +gen "${REPO_ROOT}/deploy/manifests/cert-manager"