added rbac secret-reader to helm
happytreees committed Jul 10, 2023
1 parent a61133c commit 5b142fe
Showing 3 changed files with 66 additions and 0 deletions.
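--- a/deploy/cert-manager-webhook-vultr/templates/issuers.yaml
+++ b/deploy/cert-manager-webhook-vultr/templates/issuers.yaml
@@ -0,0 +1,39 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: vultr-letsencrypt-staging
+spec:
+acme:
+email: {{ .Values.certManager.email }}
+server: https://acme-staging-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: vultr-letsencrypt-staging
+solvers:
+- dns01:
+webhook:
+groupName: acme.vultr.com
+solverName: vultr
+config:
+apiKeySecretRef:
+key: apiKey
+name: {{ .Values.secretName }}
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: vultr-letsencrypt-prod
+spec:
+acme:
+email: {{ .Values.certManager.email }}
+server: https://acme-v02.api.letsencrypt.org/directory
+privateKeySecretRef:
+name: vultr-letsencrypt-prod
+solvers:
+- dns01:
+webhook:
+groupName: acme.vultr.com
+solverName: vultr
+config:
+apiKeySecretRef:
+key: apiKey
+name: {{ .Values.secretName }}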
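Review bot: Both ClusterIssuers hard-code `groupName: acme.vultr.com` in the webhook solver, while values.yaml exposes `groupName` and tells users to set it to their own domain; an install that overrides that value would presumably leave these issuers addressing a group the webhook no longer serves. Template it in both documents as `groupName: {{ .Values.groupName | quote }}`. The templated scalars `email: {{ .Values.certManager.email }}` and `name: {{ .Values.secretName }}` are also unquoted, so an empty or boolean-looking value renders as null or a non-string; adding `| quote` to each keeps the rendered manifest well-typed.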
25 changes: 25 additions & 0 deletions deploy/cert-manager-webhook-vultr/templates/rbac.yaml
@@ -126,3 +126,28 @@ subjects:
kind: ServiceAccount
name: {{ include "cert-manager-webhook-vultr.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "cert-manager-webhook-vultr.fullname" . }}:secret-reader
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: [{{ .Values.secretName }}]
verbs: ["get", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "cert-manager-webhook-vultr.fullname" . }}:secret-reader
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "cert-manager-webhook-vultr.fullname" . }}:secret-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ .Values.certManager.serviceAccountName }}
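Review bot: The new RoleBinding's ServiceAccount subject carries no `namespace`, so it is matched in the binding's own namespace (`.Release.Namespace`) rather than in `certManager.namespace` from values.yaml. If the chart is installed outside the cert-manager namespace, the grant would presumably apply to no account, or to an unrelated account that happens to share the name. Add `namespace: {{ .Values.certManager.namespace | quote }}` under the subject, and confirm that cert-manager's account rather than the webhook's own is the one that must read the API key. In the Role, quote the templated entry as `resourceNames: [{{ .Values.secretName | quote }}]`, so an empty value cannot render as an empty or null list entry.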
2 changes: 2 additions & 0 deletions deploy/cert-manager-webhook-vultr/values.yaml
@@ -7,10 +7,12 @@
# This group name should be **unique**, hence using your own company's domain
# here is recommended.
groupName: acme.vultr.com
secretName: vultr-credentials

certManager:
namespace: cert-manager
serviceAccountName: cert-manager
email: [email protected]

image:
repository: vultr/cert-manager-webhook-vultr
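Review bot: `secretName` and `certManager.email` are added without the kind of explanatory comment `groupName` has, although both feed security-relevant objects in the templates. Above `secretName` add `# Secret holding the Vultr API key under key "apiKey"; the secret-reader Role grants get/watch on this name only.`, and above `email` add `# Contact address registered with the ACME account of both ClusterIssuers.`. A line noting that the Secret must already exist in the release namespace, where the Role is created, would save operators a failed first issuance.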