Merge pull request #123 from aiyengar2/fix_certificates_secret_name

Infer caBundle from .Values.certificates.secretName
kubernetes-sigs · Oct 17, 2023 · 545c6e0 · 545c6e0
2 parents d35d560 + 3cce8ea
commit 545c6e0
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 3 deletions.
diff --git a/charts/gmsa/templates/_helpers.tpl b/charts/gmsa/templates/_helpers.tpl
@@ -26,7 +26,9 @@ apiVersion: cert-manager.io/v1
 {{- end }}
 
 {{- define "certificates.cabundle"}}
-{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+{{- if .Values.certificates.caBundle }}
+{{- .Values.certificates.caBundle }}
+{{- else if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
 {{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.certificates.secretName) -}}
 {{- if lt (len $secret) 1 -}}
 {{- required (printf "CA Bundle secret '%s' in namespace '%s' must exist" .Values.certificates.secretName .Release.Namespace) "" -}}

diff --git a/charts/gmsa/templates/mutatingwebhook.yaml b/charts/gmsa/templates/mutatingwebhook.yaml
@@ -15,7 +15,7 @@ webhooks:
         namespace: {{.Release.Namespace}}
         path: "/mutate"
       {{- if not (.Values.certificates.certManager.enabled) }}
-      caBundle: {{ .Values.certificates.caBundle }}
+      caBundle: {{ template "certificates.cabundle" . }}
       {{- end }}
     rules:
       - operations: ["CREATE"]

diff --git a/charts/gmsa/templates/validatingwebhook.yaml b/charts/gmsa/templates/validatingwebhook.yaml
@@ -15,7 +15,7 @@ webhooks:
         namespace: {{ .Release.Namespace }}
         path: "/validate"
       {{- if not (.Values.certificates.certManager.enabled) }}
-      caBundle: {{ .Values.certificates.caBundle }}
+      caBundle: {{ template "certificates.cabundle" . }}
       {{- end }}
     rules:
       - operations: ["CREATE", "UPDATE"]