Allow user to specify the name of cert-manager's ServiceAccount #174

Merged
merged 2 commits into from
Sep 14, 2023


SgtCoDFish
Member

The cert-manager ServiceAccount is not fixed and so can vary between different installations. [1] [2]

cert-manager users might well want to customise it, and we should support those users in trust-manager!

ℹ️ This also removes the namespace from the CertificateRequestPolicy, since that resource is cluster scoped and so passing a namespace here is a no-op!

[1] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/templates/serviceaccount.yaml#L10
[2] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/values.yaml#L108

@jetstack-bot jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 5, 2023
@jetstack-bot jetstack-bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Sep 5, 2023
Contributor

@erikgb erikgb left a comment

Just a minor nit comment, but absolutely no blocker. Thanks!

@@ -78,7 +78,10 @@ app:
# -- Whether to create an approver-policy CertificateRequestPolicy allowing auto-approval of the trust-manager webhook certificate. If you have approver-policy installed, you almost certainly want to enable this.
enabled: false

# -- Namespace in which cert-manager was installed. Only used if approverPolicy has been enabled.
# -- Name of cert-manager's ServiceAccount. Only used if app.webhook.tls.approverPolicy.enabled is true
certManagerServiceAccount: "cert-manager"
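
Review bot: in the last three lines shown in this hunk, the `certManagerServiceAccount` key and its `# --` comment sit directly under the `# -- Namespace in which cert-manager was installed` comment, so the namespace description is now followed by the ServiceAccount entry instead of a namespace key. Move the two ServiceAccount lines below the namespace value so each doc comment stays attached to its own key. The two comments also name the gating flag differently ("approverPolicy has been enabled" versus "app.webhook.tls.approverPolicy.enabled is true"); use the full value path in both. The new comment could also say that the value has to match the ServiceAccount name the cert-manager installation actually uses, since the default "cert-manager" is only right when that name has not been customised.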

Nit: Maybe put this value below the certManagerNamespace value? Seems more conceptually correct to me. 😉

@SgtCoDFish
Member Author

/test pull-trust-manager-verify

2 similar comments
@SgtCoDFish
Member Author

/test pull-trust-manager-verify

@SgtCoDFish
Member Author

/test pull-trust-manager-verify

The cert-manager ServiceAccount is not fixed and so can vary between
different installations. [1] [2]

cert-manager users might well want to customise it, and we should support those
users in trust-manager!

[1] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/templates/serviceaccount.yaml#L10
[2] https://github.com/cert-manager/cert-manager/blob/cab2b3b68ca834b60931fd76d1fb74f757a03550/deploy/charts/cert-manager/values.yaml#L108

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>

CRPs are cluster scoped so the namespace here is ignored

Signed-off-by: Ashley Davis <ashley.davis@venafi.com>
Contributor

@erikgb erikgb left a comment

/lgtm

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Sep 14, 2023
Member

@wallrj wallrj left a comment

Thanks Ash.

/approve
/lgtm

@jetstack-bot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erikgb, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 14, 2023
@jetstack-bot jetstack-bot merged commit 998531f into cert-manager:main Sep 14, 2023
4 checks passed
@SgtCoDFish SgtCoDFish deleted the cert-manager-sa branch September 14, 2023 14:29