Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Infer caBundle from .Values.certificates.secretName
Currently, `.Values.certificates.secretName` is no longer supported to provide the `caBundle` that should be supplied to the admission webhooks since the `certificates.cabundle` is no longer queried. This commit ensures that that functionality is restored for users who are deploying the certificate data as a k8s Secret. Here are the tests I ran with my changes: ```bash $ helm template gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' null --- null $ helm template --set 'certificates.certManager.enabled=false' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' INSERT_CERTIFICATE_FROM_SECRET --- INSERT_CERTIFICATE_FROM_SECRET $ helm template --set 'certificates.certManager.enabled=false' --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' $ helm template --set 'certificates.caBundle="my-custom-ca-bundle"' gmsa charts/gmsa | yq e 'select(.kind == "MutatingWebhookConfiguration" or .kind == "ValidatingWebhookConfiguration") | .webhooks[].clientConfig.caBundle' null --- null ```
- Loading branch information