External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-01 01:28:11 -03:30
Code Issues Packages Projects Releases Wiki Activity

cert-manager: add trusted internal ca when configured (#8135)

Browse Source 
* cert-manager: add trusted internal ca when configured

* wrong check for inventory variable

* Update documentation
This commit is contained in:
Antoine Gatineau
2021-11-05 17:43:52 +01:00
committed by GitHub
parent 6e5b9e0ebf
commit b7eb1cf936
3 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
View File

@@ -875,6 +875,17 @@ spec:
resources:
{}
---
{% if cert_manager_trusted_internal_ca is defined %}
apiVersion: v1
data:
internal-ca.pem: |
{{ cert_manager_trusted_internal_ca | indent(width=4, indentfirst=False) }}
kind: ConfigMap
metadata:
name: ca-internal-truststore
namespace: {{ cert_manager_namespace }}
---
{% endif %}
# Source: cert-manager/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
@@ -928,6 +939,17 @@ spec:
fieldPath: metadata.namespace
resources:
{}
{% if cert_manager_trusted_internal_ca is defined %}
volumeMounts:
- mountPath: /etc/ssl/certs/internal-ca.pem
name: ca-internal-truststore
subPath: internal-ca.pem
volumes:
- configMap:
defaultMode: 420
name: ca-internal-truststore
name: ca-internal-truststore
{% endif %}
---
# Source: cert-manager/templates/webhook-deployment.yaml
apiVersion: apps/v1