From 90d500061969c2007e74dc0498a498caec3dd975 Mon Sep 17 00:00:00 2001 From: jayl1e Date: Wed, 7 May 2025 15:30:38 +0800 Subject: [PATCH] feat: replace fixed cert by auto generated --- .../kubernetes_v1.22/helm/secrets/ca-cert.pem | 32 ----------- deploy/kubernetes_v1.22/helm/secrets/cert.pem | 32 ----------- deploy/kubernetes_v1.22/helm/secrets/key.pem | 52 ------------------ .../admission-webhooks/mutating-webhook.yaml | 54 +++++++++++-------- .../templates/controller-secret-certs.yaml | 11 ---- 5 files changed, 31 insertions(+), 150 deletions(-) delete mode 100644 deploy/kubernetes_v1.22/helm/secrets/ca-cert.pem delete mode 100644 deploy/kubernetes_v1.22/helm/secrets/cert.pem delete mode 100644 deploy/kubernetes_v1.22/helm/secrets/key.pem delete mode 100644 deploy/kubernetes_v1.22/helm/templates/controller-secret-certs.yaml diff --git a/deploy/kubernetes_v1.22/helm/secrets/ca-cert.pem b/deploy/kubernetes_v1.22/helm/secrets/ca-cert.pem deleted file mode 100644 index 9f63080b..00000000 --- a/deploy/kubernetes_v1.22/helm/secrets/ca-cert.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL -BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt -c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 -MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt -LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur -ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP -N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O -JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d -SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 -LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 -veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i -x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu -s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX -1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR -dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO -6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u -wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 -MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu -amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit -V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr -1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 -YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp -3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV -9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm -PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR -Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di -IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz -QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz -4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 -XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= ------END CERTIFICATE----- diff --git a/deploy/kubernetes_v1.22/helm/secrets/cert.pem b/deploy/kubernetes_v1.22/helm/secrets/cert.pem deleted file mode 100644 index 9f63080b..00000000 --- a/deploy/kubernetes_v1.22/helm/secrets/cert.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIUIBFffLxO8+dMI3kwxNqzblh8foUwDQYJKoZIhvcNAQEL -BQAwNjE0MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMt -c3lzdGVtLnN2YzAgFw0yMjA3MDQwMzE5MThaGA8yMTIxMDYxMDAzMTkxOFowNjE0 -MDIGA1UEAwwrcG9sYXJpcy1zaWRlY2FyLWluamVjdG9yLnBvbGFyaXMtc3lzdGVt -LnN2YzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALLZa876dBtfBRur -ZK6i+E3EK8QbEZ+ehme5caixljDpNRHtqrob64a1bWSQd1SB/2eqmWbcVWcn/TTP -N9XUG7bl4LRidVBKX817zGCXF+kpjm3NzAlxGD+ymyxIyhXKU9+p7Ti9IzNEsO4O -JXZBnb9WsXe6xbI7GeQF9YuBv+tzCL5RtfdbRkLTd6yaw6VXLWDp1kQE8CZDsH9d -SflAyHBR+Z/5jo0m2t3Sxb55OjOXp8U6ewmTfw6tUq5gwfepcXcNQiUMroxYtuy1 -LgXeA7s/0WBx7+VQOYyFHiZAB4WWdHI5KBHxYiHP7ccyia/3H0CiXU+abwt4y9L4 -veR0t9fc/mvWQM5hPcOXpw5IeNlPo0dOogCMtMji90LAEKdLASazlCOHsuQj6G3i -x6N+w4+c/ULaqGTDPg6+G4P9yQEY5uC44YYjIHlcBXrGF0TQJLFL3qxvu5V+iaqu -s/ifrG9ectrcyKs5V3GDHiCtOwcoLj25Lmhc1x0GoOTfZ+7TP564r3Y7qUaqBwXX -1dDjN0DAmSY5UmmLhagm9mOqqZ8OoWcC6rQDUBpmmaM51TEdyQ0lsBsH5OBojZuR -dyFnMy1XwRF5MztkMogFvJahg7XUQ2A7SAiHqiIBcP2e6J47T1SjkK85Jp1MVEnO -6aHVqGopBomR/A70SRTKxjvQnvP/AgMBAAGjgYwwgYkwHQYDVR0OBBYEFCLNFe0u -wvwDdbOEQAl14S0E4AC8MB8GA1UdIwQYMBaAFCLNFe0uwvwDdbOEQAl14S0E4AC8 -MA8GA1UdEwEB/wQFMAMBAf8wNgYDVR0RBC8wLYIrcG9sYXJpcy1zaWRlY2FyLWlu -amVjdG9yLnBvbGFyaXMtc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsFAAOCAgEAlyit -V7Xhtje1W+tA1KbQKAR/+zwbQmQPzQLzQtGjPDoni9UV2+p58AybkoUZ7pHWohEr -1Pb6XjJUV168FoqY1Dx9/RD+Cx/f9fu2K0M1/sjXNOhTDn0vpgeo0VI9WBqC++Q2 -YNFfM3fah42iuZI0Y6WgFWI3wFmD710VL/19XLCGiv+Tng4ftppxNeokZR5uMcjp -3HMxLgRA1nqXCfaOukEVKnxoCXhBdrIq+WUl9FcgObTlZSDL4Jde9vGPwpPEE/iV -9pxl2HqYgTdGWf2WyinJhYk1Wzjfg1QLF4NrHCj7jRMl0EmvG3HS4340OOQDJNZm -PCTuk85z/gpjiyotqRZ+rcWI8AmVCuDVnH4Tujok0STWuIVP39smCPNdPIpQR1nR -Jvu/k3WB+NiYmOxC2yJ4o1dmbvoKfZtb1UPNmTIrlW58e07fPexBcpGrRFNrU/di -IlJL7+WUPJAinL/3/AKBnfwVZzkk9YTvWtolYxIaDLSwrltGof0PRJmbr4P7qnnz -QCQued1lR4ZPrgaIgdGGJ7ZsYDJUYm/1wh77qfGqebTEfj+WOIc5vKOopFScFWwz -4eYVeLb0YvG4vg7dxB4P+lIshSivdUPNW1nYcNipR+6r6Cxtfr0Z6VJAcf7SGQG7 -XfCnAwLvRm0K6CVzYHOLUQGfUJ0DlaDyDwsBNsM= ------END CERTIFICATE----- diff --git a/deploy/kubernetes_v1.22/helm/secrets/key.pem b/deploy/kubernetes_v1.22/helm/secrets/key.pem deleted file mode 100644 index 8b6b4da9..00000000 --- a/deploy/kubernetes_v1.22/helm/secrets/key.pem +++ /dev/null @@ -1,52 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCy2WvO+nQbXwUb -q2SuovhNxCvEGxGfnoZnuXGosZYw6TUR7aq6G+uGtW1kkHdUgf9nqplm3FVnJ/00 -zzfV1Bu25eC0YnVQSl/Ne8xglxfpKY5tzcwJcRg/spssSMoVylPfqe04vSMzRLDu -DiV2QZ2/VrF3usWyOxnkBfWLgb/rcwi+UbX3W0ZC03esmsOlVy1g6dZEBPAmQ7B/ -XUn5QMhwUfmf+Y6NJtrd0sW+eTozl6fFOnsJk38OrVKuYMH3qXF3DUIlDK6MWLbs -tS4F3gO7P9Fgce/lUDmMhR4mQAeFlnRyOSgR8WIhz+3HMomv9x9Aol1Pmm8LeMvS -+L3kdLfX3P5r1kDOYT3Dl6cOSHjZT6NHTqIAjLTI4vdCwBCnSwEms5Qjh7LkI+ht -4sejfsOPnP1C2qhkwz4OvhuD/ckBGObguOGGIyB5XAV6xhdE0CSxS96sb7uVfomq -rrP4n6xvXnLa3MirOVdxgx4grTsHKC49uS5oXNcdBqDk32fu0z+euK92O6lGqgcF -19XQ4zdAwJkmOVJpi4WoJvZjqqmfDqFnAuq0A1AaZpmjOdUxHckNJbAbB+TgaI2b -kXchZzMtV8EReTM7ZDKIBbyWoYO11ENgO0gIh6oiAXD9nuieO09Uo5CvOSadTFRJ -zumh1ahqKQaJkfwO9EkUysY70J7z/wIDAQABAoICAQCeEAl3o2F5z0B0c8VHkkBg -ej8z0biBmViv0vTgYhKap4B/l8yLLqG5LB7CAet0hG907xEkFxZjVLQzN+/gytSz -j/ZHdby4eQKyV/cIZoB7UH7QDFGHBqynnvIE8U+ocmguA7/jpUS2yr6TpWz2VodT -0wqFBkwyeIkpPRsFcGZtb/0KNqzbL4+o/7uEkELYnXM9c2wqMTMMnkYeShRWdSqw -GcLD34pctTo5UU3ySLFnZ2CerlCO5gwkrImmE11ZxCbDULRkihC5eK4yBO3nwY8K -rhwdYJTj1UMHLZ63r172cUH4sQr40Jwpxdofckq9eWnldZmCALqjKN76VVt9zKms -YSlY4Xo9AR3spgq/HepRyeu2FQE5XxXoRoxA0xa+SapR0FoirgzvscmmngTYmqy3 -tFw+wLc9KMYw6gCyjiSzuAWPZ0lEQ2NSgoKmwLMoLlKWxvAjywwimP+IjfTaRcEt -ELaONDhNsXWk0s+WBUZ8ul7UaH7DT9v7fWndSftYE6Rt0Q39CCesXZflnay7g7+M -mTEgbG4ZDdiyy5C6dPi6lJNYfnLmM7X/1l1TWaeH/n1E/n1h+T4vJgTQfitn3upV -BWuC5X3HSmHXJI07XirT4EI0RslFkbyE55BgRnp46drPg/rhbzAwiuC1SmdZ5i78 -ryzsb5fQNS1VTiYRb/0yAQKCAQEA7TIj5GMTA05mePgHiBRqXGrHtEmXAISkiEHC -P8T83uvzb0RXMPObrw6WHvR5fHcUU87Feyf70s1NUUZLVdXJNvbIQsK/P8ZBN3YI -sxrX9xbrGZDBo4MFEeJGHOE9jRyeGSulTTKCNROjLjhPx83igFlXMwkaokMSVl31 -f2pMrcfTpq0/yI75HIJEqR34u1wWBOyq9OoS9RWpJKhsyKfRemu8fzQSNGgP+DIj -PYkYf577WQBUrDgjGgM59NreGwT6loDDwtNaRMei6MvOJKgT4DkBt3eiVize/Gzn -IL+XPBxuI7pqXPWz0nsmSshdt6vS22j7+J+a/glZ5l0DqPMzpQKCAQEAwQclGoPt -LFAv17h61SRLE8MbLgsf25uZ51j4TP3Mga8+mvWeei3BP7NDpaXyJMkltkhJwx36 -wpmomif6E1bIBVOiTiBIGudGr1t/WrijS1uKriwRAcFF3V6L1E9MxqFp8WPs9NOJ -AkUfMifT6mRdgl7gjSH/l10dPvJ7KvwRiDS+9ArrY/LAYD102ldF+p5G6TnyOeCI -9PriR09aJWMvHH4qS18P9UCij+/xdRtLFYNxJX+K/wh+ocImMfxFg9NzCfJ6DF1r -IO7ZNEIcBrsp91ZfCnjv1UN0pU+UjZmdCrWd8qMvvdiD8kacHME2MlBzPrjeqFWq -N1ISCXzhf5Rn0wKCAQAmOC4QXuZxYfChDVYpVyDMQ2hqZHEwZC8exXnHTLZyNRLE -mv5xpM8xJeiKlFn+9DEST/8CGS86iFos/malLg1+DcW2/CpU3F0l0p8UPP8PkWHQ -fMK21iW6+/rQLHr+gd33sFCyX7EbXE6u4+P3DfWxOLQURSNFggkyYXFtVnOEjO5N -rRzZ9C+vqE3n8ixiBDSIFpp1XEIxu4vFnF3q9x+J2lJFLN7CEwJ/u5RyFeUcq0FU -1fjOxzzgtCRij+G5+NNn7NeeTO/+pSxa1nwg6/RH7OeZ6Gz/9br4cZPMcxKrXOli -WGdLE0wmXjGNWzu+nLEdKY1wQkd3J4qU0+gDES0BAoIBAGNsJrRNl2/nrXzTTJFU -LEd1ix5gJHyc3NzIerxNTXTOqtRuBr6vqoYA86rympJP+Ni2yydw3aQ2OR2N0cT8 -QfJcbZEIF5uj3EiePC6iQ5mhAQFNOUVKI44uEJ++aLE2mrb23SoNethsefD/iquE -HpX0AH0xMdDo6RNvGfm989nQMTrKFQxaELSBcxqzMRwxQh0G97jP6jskrkBEow32 -1GE8qtQ/lpygOhshX6EN+dKO7Ux/MTzDR1ZSBhJg+f04gFxzRGHyDCfeXooIMx9U -b/0xw6pFOGMEZ6RuJPn6UWUevsgnPYPvbabwr6Av9JZd0b5Qwn66AP6ViyzP4eYw -rnkCggEAQo7nkZnFqzF2qk7vZ7mfDXLdsCHxNuKBRPvOe0/jHTgREPgI2yecTPBn -XMJvKufyzoa0zALKNaA1Ljm/8/HhjX2abTYRVO9BS9aJN0F+u3t4Sf6+8ZICgmmo -rkRt3vRmFFGr935veMk7yx18/ezstkK3LLuFZFII55XhO+LBaezsVCtPCESU7Vqs -K2V0Ab+9qNC4xNGCFZXRmmyzFSwsuJ3zCKygb3J8HG4sp1R4q+EqN3C++y9CGbgm -YSog19R5+7P8qOopC8cod8jWuMsAsLwoSGc0L0+G2dIqgR0wSGE8P3VLqq3UN9hx -QYNToXs8PwtyNIbvckrJQvbqO8WoBA== ------END PRIVATE KEY----- diff --git a/deploy/kubernetes_v1.22/helm/templates/admission-webhooks/mutating-webhook.yaml b/deploy/kubernetes_v1.22/helm/templates/admission-webhooks/mutating-webhook.yaml index 050235f4..d04f062e 100644 --- a/deploy/kubernetes_v1.22/helm/templates/admission-webhooks/mutating-webhook.yaml +++ b/deploy/kubernetes_v1.22/helm/templates/admission-webhooks/mutating-webhook.yaml @@ -1,3 +1,15 @@ +{{- $ca := genCA "polarismesh-ca" 3650 -}} +{{- $cn := printf "%s.%s.svc" ( .Values.controller.webhook.service ) .Release.Namespace }} +{{- $cert := genSignedCert $cn nil (list $cn) 3650 $ca -}} +{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (include "polaris-controller.controller.fullname" .)}} +{{- if $existingSecret }} +{{- $ca_cert := index $existingSecret.data "ca-cert.pem" | b64dec }} +{{- $ca_key := index $existingSecret.data "ca-key.pem" | b64dec }} +{{- $cert_cert := index $existingSecret.data "cert.pem" | b64dec }} +{{- $cert_key := index $existingSecret.data "key.pem" | b64dec }} +{{- $ca = dict "Cert" $ca_cert "Key" $ca_key }} +{{- $cert = dict "Cert" $cert_cert "Key" $cert_key }} +{{- end }} apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: @@ -5,31 +17,13 @@ metadata: labels: app: sidecar-injector webhooks: - - name: {{ .Values.controller.webhook.host }} - clientConfig: - service: - name: {{ .Values.controller.webhook.service }} - namespace: polaris-system - path: "/inject" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpVENDQTNHZ0F3SUJBZ0lVSUJGZmZMeE84K2RNSTNrd3hOcXpibGg4Zm9Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRTBNRElHQTFVRUF3d3JjRzlzWVhKcGN5MXphV1JsWTJGeUxXbHVhbVZqZEc5eUxuQnZiR0Z5YVhNdApjM2x6ZEdWdExuTjJZekFnRncweU1qQTNNRFF3TXpFNU1UaGFHQTh5TVRJeE1EWXhNREF6TVRreE9Gb3dOakUwCk1ESUdBMVVFQXd3cmNHOXNZWEpwY3kxemFXUmxZMkZ5TFdsdWFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnQKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxMWmE4NzZkQnRmQlJ1cgpaSzZpK0UzRUs4UWJFWitlaG1lNWNhaXhsakRwTlJIdHFyb2I2NGExYldTUWQxU0IvMmVxbVdiY1ZXY24vVFRQCk45WFVHN2JsNExSaWRWQktYODE3ekdDWEYra3BqbTNOekFseEdEK3lteXhJeWhYS1U5K3A3VGk5SXpORXNPNE8KSlhaQm5iOVdzWGU2eGJJN0dlUUY5WXVCdit0ekNMNVJ0ZmRiUmtMVGQ2eWF3NlZYTFdEcDFrUUU4Q1pEc0g5ZApTZmxBeUhCUitaLzVqbzBtMnQzU3hiNTVPak9YcDhVNmV3bVRmdzZ0VXE1Z3dmZXBjWGNOUWlVTXJveFl0dXkxCkxnWGVBN3MvMFdCeDcrVlFPWXlGSGlaQUI0V1dkSEk1S0JIeFlpSFA3Y2N5aWEvM0gwQ2lYVSthYnd0NHk5TDQKdmVSMHQ5ZmMvbXZXUU01aFBjT1hwdzVJZU5sUG8wZE9vZ0NNdE1qaTkwTEFFS2RMQVNhemxDT0hzdVFqNkczaQp4Nk4rdzQrYy9VTGFxR1REUGc2K0c0UDl5UUVZNXVDNDRZWWpJSGxjQlhyR0YwVFFKTEZMM3F4dnU1VitpYXF1CnMvaWZyRzllY3RyY3lLczVWM0dESGlDdE93Y29MajI1TG1oYzF4MEdvT1RmWis3VFA1NjRyM1k3cVVhcUJ3WFgKMWREak4wREFtU1k1VW1tTGhhZ205bU9xcVo4T29XY0M2clFEVUJwbW1hTTUxVEVkeVEwbHNCc0g1T0Jvalp1UgpkeUZuTXkxWHdSRjVNenRrTW9nRnZKYWhnN1hVUTJBN1NBaUhxaUlCY1AyZTZKNDdUMVNqa0s4NUpwMU1WRW5PCjZhSFZxR29wQm9tUi9BNzBTUlRLeGp2UW52UC9BZ01CQUFHamdZd3dnWWt3SFFZRFZSME9CQllFRkNMTkZlMHUKd3Z3RGRiT0VRQWwxNFMwRTRBQzhNQjhHQTFVZEl3UVlNQmFBRkNMTkZlMHV3dndEZGJPRVFBbDE0UzBFNEFDOApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUkJDOHdMWUlyY0c5c1lYSnBjeTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnRMbk4yWXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWx5aXQKVjdYaHRqZTFXK3RBMUtiUUtBUi8rendiUW1RUHpRTHpRdEdqUERvbmk5VVYyK3A1OEF5YmtvVVo3cEhXb2hFcgoxUGI2WGpKVVYxNjhGb3FZMUR4OS9SRCtDeC9mOWZ1MkswTTEvc2pYTk9oVERuMHZwZ2VvMFZJOVdCcUMrK1EyCllORmZNM2ZhaDQyaXVaSTBZNldnRldJM3dGbUQ3MTBWTC8xOVhMQ0dpditUbmc0ZnRwcHhOZW9rWlI1dU1janAKM0hNeExnUkExbnFYQ2ZhT3VrRVZLbnhvQ1hoQmRySXErV1VsOUZjZ09iVGxaU0RMNEpkZTl2R1B3cFBFRS9pVgo5cHhsMkhxWWdUZEdXZjJXeWluSmhZazFXempmZzFRTEY0TnJIQ2o3alJNbDBFbXZHM0hTNDM0ME9PUURKTlptClBDVHVrODV6L2dwaml5b3RxUlorcmNXSThBbVZDdURWbkg0VHVqb2swU1RXdUlWUDM5c21DUE5kUElwUVIxblIKSnZ1L2szV0IrTmlZbU94QzJ5SjRvMWRtYnZvS2ZadGIxVVBObVRJcmxXNThlMDdmUGV4QmNwR3JSRk5yVS9kaQpJbEpMNytXVVBKQWluTC8zL0FLQm5md1ZaemtrOVlUdld0b2xZeElhRExTd3JsdEdvZjBQUkptYnI0UDdxbm56ClFDUXVlZDFsUjRaUHJnYUlnZEdHSjdac1lESlVZbS8xd2g3N3FmR3FlYlRFZmorV09JYzV2S09vcEZTY0ZXd3oKNGVZVmVMYjBZdkc0dmc3ZHhCNFArbElzaFNpdmRVUE5XMW5ZY05pcFIrNnI2Q3h0ZnIwWjZWSkFjZjdTR1FHNwpYZkNuQXdMdlJtMEs2Q1Z6WUhPTFVRR2ZVSjBEbGFEeUR3c0JOc009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - admissionReviewVersions: ["v1"] - sideEffects: "None" - failurePolicy: Fail - namespaceSelector: - matchLabels: - polaris-injection: enabled - name: ns.injector.polarismesh.cn clientConfig: service: - name: polaris-sidecar-injector + name: {{ .Values.controller.webhook.service }} namespace: polaris-system path: "/inject" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpVENDQTNHZ0F3SUJBZ0lVSUJGZmZMeE84K2RNSTNrd3hOcXpibGg4Zm9Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRTBNRElHQTFVRUF3d3JjRzlzWVhKcGN5MXphV1JsWTJGeUxXbHVhbVZqZEc5eUxuQnZiR0Z5YVhNdApjM2x6ZEdWdExuTjJZekFnRncweU1qQTNNRFF3TXpFNU1UaGFHQTh5TVRJeE1EWXhNREF6TVRreE9Gb3dOakUwCk1ESUdBMVVFQXd3cmNHOXNZWEpwY3kxemFXUmxZMkZ5TFdsdWFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnQKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxMWmE4NzZkQnRmQlJ1cgpaSzZpK0UzRUs4UWJFWitlaG1lNWNhaXhsakRwTlJIdHFyb2I2NGExYldTUWQxU0IvMmVxbVdiY1ZXY24vVFRQCk45WFVHN2JsNExSaWRWQktYODE3ekdDWEYra3BqbTNOekFseEdEK3lteXhJeWhYS1U5K3A3VGk5SXpORXNPNE8KSlhaQm5iOVdzWGU2eGJJN0dlUUY5WXVCdit0ekNMNVJ0ZmRiUmtMVGQ2eWF3NlZYTFdEcDFrUUU4Q1pEc0g5ZApTZmxBeUhCUitaLzVqbzBtMnQzU3hiNTVPak9YcDhVNmV3bVRmdzZ0VXE1Z3dmZXBjWGNOUWlVTXJveFl0dXkxCkxnWGVBN3MvMFdCeDcrVlFPWXlGSGlaQUI0V1dkSEk1S0JIeFlpSFA3Y2N5aWEvM0gwQ2lYVSthYnd0NHk5TDQKdmVSMHQ5ZmMvbXZXUU01aFBjT1hwdzVJZU5sUG8wZE9vZ0NNdE1qaTkwTEFFS2RMQVNhemxDT0hzdVFqNkczaQp4Nk4rdzQrYy9VTGFxR1REUGc2K0c0UDl5UUVZNXVDNDRZWWpJSGxjQlhyR0YwVFFKTEZMM3F4dnU1VitpYXF1CnMvaWZyRzllY3RyY3lLczVWM0dESGlDdE93Y29MajI1TG1oYzF4MEdvT1RmWis3VFA1NjRyM1k3cVVhcUJ3WFgKMWREak4wREFtU1k1VW1tTGhhZ205bU9xcVo4T29XY0M2clFEVUJwbW1hTTUxVEVkeVEwbHNCc0g1T0Jvalp1UgpkeUZuTXkxWHdSRjVNenRrTW9nRnZKYWhnN1hVUTJBN1NBaUhxaUlCY1AyZTZKNDdUMVNqa0s4NUpwMU1WRW5PCjZhSFZxR29wQm9tUi9BNzBTUlRLeGp2UW52UC9BZ01CQUFHamdZd3dnWWt3SFFZRFZSME9CQllFRkNMTkZlMHUKd3Z3RGRiT0VRQWwxNFMwRTRBQzhNQjhHQTFVZEl3UVlNQmFBRkNMTkZlMHV3dndEZGJPRVFBbDE0UzBFNEFDOApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUkJDOHdMWUlyY0c5c1lYSnBjeTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnRMbk4yWXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWx5aXQKVjdYaHRqZTFXK3RBMUtiUUtBUi8rendiUW1RUHpRTHpRdEdqUERvbmk5VVYyK3A1OEF5YmtvVVo3cEhXb2hFcgoxUGI2WGpKVVYxNjhGb3FZMUR4OS9SRCtDeC9mOWZ1MkswTTEvc2pYTk9oVERuMHZwZ2VvMFZJOVdCcUMrK1EyCllORmZNM2ZhaDQyaXVaSTBZNldnRldJM3dGbUQ3MTBWTC8xOVhMQ0dpditUbmc0ZnRwcHhOZW9rWlI1dU1janAKM0hNeExnUkExbnFYQ2ZhT3VrRVZLbnhvQ1hoQmRySXErV1VsOUZjZ09iVGxaU0RMNEpkZTl2R1B3cFBFRS9pVgo5cHhsMkhxWWdUZEdXZjJXeWluSmhZazFXempmZzFRTEY0TnJIQ2o3alJNbDBFbXZHM0hTNDM0ME9PUURKTlptClBDVHVrODV6L2dwaml5b3RxUlorcmNXSThBbVZDdURWbkg0VHVqb2swU1RXdUlWUDM5c21DUE5kUElwUVIxblIKSnZ1L2szV0IrTmlZbU94QzJ5SjRvMWRtYnZvS2ZadGIxVVBObVRJcmxXNThlMDdmUGV4QmNwR3JSRk5yVS9kaQpJbEpMNytXVVBKQWluTC8zL0FLQm5md1ZaemtrOVlUdld0b2xZeElhRExTd3JsdEdvZjBQUkptYnI0UDdxbm56ClFDUXVlZDFsUjRaUHJnYUlnZEdHSjdac1lESlVZbS8xd2g3N3FmR3FlYlRFZmorV09JYzV2S09vcEZTY0ZXd3oKNGVZVmVMYjBZdkc0dmc3ZHhCNFArbElzaFNpdmRVUE5XMW5ZY05pcFIrNnI2Q3h0ZnIwWjZWSkFjZjdTR1FHNwpYZkNuQXdMdlJtMEs2Q1Z6WUhPTFVRR2ZVSjBEbGFEeUR3c0JOc009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: {{ b64enc $ca.Cert }} rules: - operations: ["CREATE"] apiGroups: [""] @@ -44,10 +38,10 @@ webhooks: - name: allowlist.polarismesh.cn clientConfig: service: - name: polaris-sidecar-injector + name: {{ .Values.controller.webhook.service }} namespace: polaris-system path: "/inject" - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpVENDQTNHZ0F3SUJBZ0lVSUJGZmZMeE84K2RNSTNrd3hOcXpibGg4Zm9Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRTBNRElHQTFVRUF3d3JjRzlzWVhKcGN5MXphV1JsWTJGeUxXbHVhbVZqZEc5eUxuQnZiR0Z5YVhNdApjM2x6ZEdWdExuTjJZekFnRncweU1qQTNNRFF3TXpFNU1UaGFHQTh5TVRJeE1EWXhNREF6TVRreE9Gb3dOakUwCk1ESUdBMVVFQXd3cmNHOXNZWEpwY3kxemFXUmxZMkZ5TFdsdWFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnQKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxMWmE4NzZkQnRmQlJ1cgpaSzZpK0UzRUs4UWJFWitlaG1lNWNhaXhsakRwTlJIdHFyb2I2NGExYldTUWQxU0IvMmVxbVdiY1ZXY24vVFRQCk45WFVHN2JsNExSaWRWQktYODE3ekdDWEYra3BqbTNOekFseEdEK3lteXhJeWhYS1U5K3A3VGk5SXpORXNPNE8KSlhaQm5iOVdzWGU2eGJJN0dlUUY5WXVCdit0ekNMNVJ0ZmRiUmtMVGQ2eWF3NlZYTFdEcDFrUUU4Q1pEc0g5ZApTZmxBeUhCUitaLzVqbzBtMnQzU3hiNTVPak9YcDhVNmV3bVRmdzZ0VXE1Z3dmZXBjWGNOUWlVTXJveFl0dXkxCkxnWGVBN3MvMFdCeDcrVlFPWXlGSGlaQUI0V1dkSEk1S0JIeFlpSFA3Y2N5aWEvM0gwQ2lYVSthYnd0NHk5TDQKdmVSMHQ5ZmMvbXZXUU01aFBjT1hwdzVJZU5sUG8wZE9vZ0NNdE1qaTkwTEFFS2RMQVNhemxDT0hzdVFqNkczaQp4Nk4rdzQrYy9VTGFxR1REUGc2K0c0UDl5UUVZNXVDNDRZWWpJSGxjQlhyR0YwVFFKTEZMM3F4dnU1VitpYXF1CnMvaWZyRzllY3RyY3lLczVWM0dESGlDdE93Y29MajI1TG1oYzF4MEdvT1RmWis3VFA1NjRyM1k3cVVhcUJ3WFgKMWREak4wREFtU1k1VW1tTGhhZ205bU9xcVo4T29XY0M2clFEVUJwbW1hTTUxVEVkeVEwbHNCc0g1T0Jvalp1UgpkeUZuTXkxWHdSRjVNenRrTW9nRnZKYWhnN1hVUTJBN1NBaUhxaUlCY1AyZTZKNDdUMVNqa0s4NUpwMU1WRW5PCjZhSFZxR29wQm9tUi9BNzBTUlRLeGp2UW52UC9BZ01CQUFHamdZd3dnWWt3SFFZRFZSME9CQllFRkNMTkZlMHUKd3Z3RGRiT0VRQWwxNFMwRTRBQzhNQjhHQTFVZEl3UVlNQmFBRkNMTkZlMHV3dndEZGJPRVFBbDE0UzBFNEFDOApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUkJDOHdMWUlyY0c5c1lYSnBjeTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnRMbk4yWXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWx5aXQKVjdYaHRqZTFXK3RBMUtiUUtBUi8rendiUW1RUHpRTHpRdEdqUERvbmk5VVYyK3A1OEF5YmtvVVo3cEhXb2hFcgoxUGI2WGpKVVYxNjhGb3FZMUR4OS9SRCtDeC9mOWZ1MkswTTEvc2pYTk9oVERuMHZwZ2VvMFZJOVdCcUMrK1EyCllORmZNM2ZhaDQyaXVaSTBZNldnRldJM3dGbUQ3MTBWTC8xOVhMQ0dpditUbmc0ZnRwcHhOZW9rWlI1dU1janAKM0hNeExnUkExbnFYQ2ZhT3VrRVZLbnhvQ1hoQmRySXErV1VsOUZjZ09iVGxaU0RMNEpkZTl2R1B3cFBFRS9pVgo5cHhsMkhxWWdUZEdXZjJXeWluSmhZazFXempmZzFRTEY0TnJIQ2o3alJNbDBFbXZHM0hTNDM0ME9PUURKTlptClBDVHVrODV6L2dwaml5b3RxUlorcmNXSThBbVZDdURWbkg0VHVqb2swU1RXdUlWUDM5c21DUE5kUElwUVIxblIKSnZ1L2szV0IrTmlZbU94QzJ5SjRvMWRtYnZvS2ZadGIxVVBObVRJcmxXNThlMDdmUGV4QmNwR3JSRk5yVS9kaQpJbEpMNytXVVBKQWluTC8zL0FLQm5md1ZaemtrOVlUdld0b2xZeElhRExTd3JsdEdvZjBQUkptYnI0UDdxbm56ClFDUXVlZDFsUjRaUHJnYUlnZEdHSjdac1lESlVZbS8xd2g3N3FmR3FlYlRFZmorV09JYzV2S09vcEZTY0ZXd3oKNGVZVmVMYjBZdkc0dmc3ZHhCNFArbElzaFNpdmRVUE5XMW5ZY05pcFIrNnI2Q3h0ZnIwWjZWSkFjZjdTR1FHNwpYZkNuQXdMdlJtMEs2Q1Z6WUhPTFVRR2ZVSjBEbGFEeUR3c0JOc009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + caBundle: {{ b64enc $ca.Cert }} rules: - operations: ["CREATE"] apiGroups: [""] @@ -58,4 +52,18 @@ webhooks: failurePolicy: Fail objectSelector: matchLabels: - polarismesh.cn/inject: enabled \ No newline at end of file + polarismesh.cn/inject: enabled + +--- + +apiVersion: v1 +data: + cert.pem: {{ b64enc $cert.Cert }} + key.pem: {{ b64enc $cert.Key }} + ca-cert.pem: {{ b64enc $ca.Cert }} + ca-key.pem: {{ b64enc $ca.Key }} +kind: Secret +metadata: + name: {{ include "polaris-controller.controller.fullname" . }} + namespace: {{ .Release.Namespace }} +type: Opaque diff --git a/deploy/kubernetes_v1.22/helm/templates/controller-secret-certs.yaml b/deploy/kubernetes_v1.22/helm/templates/controller-secret-certs.yaml deleted file mode 100644 index fab55e3f..00000000 --- a/deploy/kubernetes_v1.22/helm/templates/controller-secret-certs.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -data: - {{- $root := . -}} - {{- range $path, $bytes := .Files.Glob "secrets/**.pem" }} - {{ base $path }}: {{ $root.Files.Get $path | b64enc }} - {{- end }} -kind: Secret -metadata: - name: {{ include "polaris-controller.controller.fullname" . }} - namespace: polaris-system -type: Opaque \ No newline at end of file