-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow user to specify the name of cert-manager's ServiceAccount #174
Conversation
eae0d7a
to
3eff9f9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a minor nit comment, but absolutely no blocker. Thanks!
@@ -78,7 +78,10 @@ app: | |||
# -- Whether to create an approver-policy CertificateRequestPolicy allowing auto-approval of the trust-manager webhook certificate. If you have approver-policy installed, you almost certainly want to enable this. | |||
enabled: false | |||
|
|||
# -- Namespace in which cert-manager was installed. Only used if approverPolicy has been enabled. | |||
# -- Name of cert-manager's ServiceAccount. Only used if app.webhook.tls.approverPolicy.enabled is true | |||
certManagerServiceAccount: "cert-manager" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Maybe put this value below the certManagerNamespace
value? Seems more conceptually correct to me. 😉
3eff9f9
to
8d68358
Compare
/test pull-trust-manager-verify |
2 similar comments
/test pull-trust-manager-verify |
/test pull-trust-manager-verify |
The cert-manager ServiceAccount is not fixed and so can vary between different installations. [1] [2] cert-manager users might well want to customise it, and we should support those users in trust-manager! [1] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/templates/serviceaccount.yaml#L10 [2] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/values.yaml#L108 Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
CRPs are cluster scoped so the namespace here is ignored Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
8d68358
to
3ef4c77
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Ash.
/approve
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: erikgb, wallrj The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The cert-manager ServiceAccount is not fixed and so can vary between different installations. [1] [2]
cert-manager users might well want to customise it, and we should support those users in trust-manager!
ℹ️ This also removes the namespace from the CertificateRequestPolicy, since that resource is cluster scoped and so passing a namespace here is a no-op!
[1] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/templates/serviceaccount.yaml#L10
[2] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/values.yaml#L108