diff --git a/staging/cert-manager-setup/requirements.yaml b/staging/cert-manager-setup/requirements.yaml
index 84398470a..0b44a3123 100644
--- a/staging/cert-manager-setup/requirements.yaml
+++ b/staging/cert-manager-setup/requirements.yaml
@@ -3,4 +3,3 @@ dependencies:
 version: 0.10.1
 repository: https://charts.jetstack.io
 condition: installCertManager
-
diff --git a/staging/cert-manager-setup/templates/clusterrole.yaml b/staging/cert-manager-setup/templates/clusterrole.yaml
index d66bba43f..82bccf1fd 100644
--- a/staging/cert-manager-setup/templates/clusterrole.yaml
+++ b/staging/cert-manager-setup/templates/clusterrole.yaml
@@ -1,12 +1,17 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: read-apiservices
+ name: cert-manager-setup-apiservices
 annotations:
 helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: "before-hook-creation"
- "helm.sh/hook-weight": "-4"
+ helm.sh/hook-delete-policy: before-hook-creation
+ "helm.sh/hook-weight": "-7"
 rules:
-- apiGroups: ["apiregistration.k8s.io"]
- resources: ["apiservices"]
- verbs: ["get", "watch", "list"]
+- apiGroups:
+ - "apiregistration.k8s.io"
+ resources:
+ - "apiservices"
+ verbs:
+ - "get"
+ - "watch"
+ - "list"
diff --git a/staging/cert-manager-setup/templates/clusterrolebinding.yaml b/staging/cert-manager-setup/templates/clusterrolebinding.yaml
index 2f169e396..ed9cc7dcb 100644
--- a/staging/cert-manager-setup/templates/clusterrolebinding.yaml
+++ b/staging/cert-manager-setup/templates/clusterrolebinding.yaml
@@ -1,17 +1,17 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: read-apiservices-rolebinding
+ name: cert-manager-setup-apiservices
 namespace: {{ .Release.Namespace }}
 annotations:
 helm.sh/hook: pre-install,pre-upgrade
- helm.sh/hook-delete-policy: "before-hook-creation"
- "helm.sh/hook-weight": "-3"
+ helm.sh/hook-delete-policy: before-hook-creation
+ "helm.sh/hook-weight": "-7"
 subjects:
 - kind: ServiceAccount
 namespace: {{ .Release.Namespace }}
 name: default
 roleRef:
 kind: ClusterRole
- name: read-apiservices
+ name: cert-manager-setup-apiservices
 apiGroup: rbac.authorization.k8s.io
diff --git a/staging/cert-manager-setup/templates/post-install-hook-job.yaml b/staging/cert-manager-setup/templates/post-install-hook-job.yaml
index 9c26a260e..7586d5351 100644
--- a/staging/cert-manager-setup/templates/post-install-hook-job.yaml
+++ b/staging/cert-manager-setup/templates/post-install-hook-job.yaml
@@ -2,6 +2,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
 name: {{ include "cert-manager-setup.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cert-manager-setup.labels" . | indent 4 }}
 annotations:
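Review bot: The subject of the binding in clusterrolebinding.yaml is still the release namespace's `default` ServiceAccount, so every pod in that namespace that does not set its own service account inherits the cluster-wide get/watch/list on apiservices, not only the wait job. The only delete policy is `before-hook-creation`, so the ClusterRole and the binding also stay in place after the hook has finished. The grant is read-only, but a dedicated ServiceAccount created as a hook and referenced both in `subjects` and in the job's `serviceAccountName` would keep it scoped to the one workload that needs it. Separately, `metadata.namespace` has no effect on a cluster-scoped ClusterRoleBinding and can be dropped.

```yaml
# new hook resource alongside the ClusterRole (file name is up to the chart)
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "cert-manager-setup.fullname" . }}
  namespace: {{ .Release.Namespace }}
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-delete-policy: before-hook-creation
    "helm.sh/hook-weight": "-7"
---
# … unchanged: ClusterRoleBinding apiVersion, kind, metadata …
subjects:
- kind: ServiceAccount
  namespace: {{ .Release.Namespace }}
  name: {{ include "cert-manager-setup.fullname" . }}
# … unchanged: roleRef …
```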
@@ -13,31 +14,10 @@ spec:
 metadata:
 name: "wait-for-cert-manager-webhook"
 spec:
+ serviceAccountName: default
 restartPolicy: Never
 containers:
 - name: {{ .Chart.Name }}
 image: bitnami/kubectl:latest
 imagePullPolicy: IfNotPresent
- command: ["kubectl", "wait", "--for=condition=Available", "--timeout=300s", "apiservice", "v1beta1.webhook.certmanager.k8s.io"]
----
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "cert-manager-setup.fullname" . }}-sleep
- labels:
-{{ include "cert-manager-setup.labels" . | indent 4 }}
- annotations:
- "helm.sh/hook": post-install,post-upgrade
- "helm.sh/hook-weight": "-5"
- "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
-spec:
- template:
- metadata:
- name: "sleep"
- spec:
- restartPolicy: Never
- containers:
- - name: {{ .Chart.Name }}
- image: ubuntu:xenial
- imagePullPolicy: IfNotPresent
- command: ["sleep", "30"]
+ command: ["kubectl", "wait", "--for=condition=Available", "--timeout=360s", "apiservice", "v1beta1.webhook.certmanager.k8s.io"]
\ No newline at end of file
diff --git a/staging/cert-manager-setup/values.yaml b/staging/cert-manager-setup/values.yaml
index 3d951ae4c..62e2e3488 100644
--- a/staging/cert-manager-setup/values.yaml
+++ b/staging/cert-manager-setup/values.yaml
@@ -12,7 +12,7 @@ issuers: []
 certificates: []
 # - name: kubernetes-intermediate-ca
 # # where to store this certificate
-# secretName: my-certificate-secret
+# secretName: kubernetes-intermediate-ca
 # issuerRef:
 # name: kubernetes-root-issuer
 # kind: Issuer
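Review bot: The wait job in post-install-hook-job.yaml still runs `bitnami/kubectl:latest` with `imagePullPolicy: IfNotPresent`, and that container runs with the `default` service account token that the chart's ClusterRoleBinding grants apiservices read on. A mutable tag means the image content can change between runs without any change to the chart, and IfNotPresent lets different nodes run different cached builds under the same tag. Pin the image to a fixed version and digest, e.g. `image: bitnami/kubectl:<pinned-version>@sha256:<digest>`, and point `serviceAccountName` at a dedicated account instead of `default`. The Job spec starts above this hunk, so any securityContext or resource settings are not visible here.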