From 627b2c7507f384e2665e131fcd2aca5bb429f265 Mon Sep 17 00:00:00 2001
From: Travis Holton
Date: Thu, 19 Dec 2024 19:23:30 +1300
Subject: [PATCH] feat: Allow additional SANS for web certificate

This makes it possible to include extra variants of the service-name that aren't captured by the {{ include "capsule.fullname" }} macro
Signed-off-by: Travis Holton
Update charts/capsule/README.md
Co-authored-by: Dario Tranchitella
---
 charts/capsule/README.md | 1 +
 charts/capsule/templates/certificate.yaml | 3 +++
 charts/capsule/values.yaml | 3 ++-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/charts/capsule/README.md b/charts/capsule/README.md
index f39e38f5..808a1a42 100644
--- a/charts/capsule/README.md
+++ b/charts/capsule/README.md
@@ -99,6 +99,7 @@ Here the values you can override:
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Set affinity rules for the Capsule pod |
 | certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager |
+| certManager.additionalSANS | list | `[]` | Specify additional SAN to add to the certificate |
 | customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart |
 | customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart |
 | imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. |
diff --git a/charts/capsule/templates/certificate.yaml b/charts/capsule/templates/certificate.yaml
index 29d6ff4d..9ad96f05 100644
--- a/charts/capsule/templates/certificate.yaml
+++ b/charts/capsule/templates/certificate.yaml
@@ -27,6 +27,9 @@ spec:
 dnsNames:
 - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
 - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+ {{- range .Values.certManager.additionalSANS }}
+ - {{ toYaml . }}
+ {{- end }}
 issuerRef:
 kind: Issuer
 name: {{ include "capsule.fullname" . }}-webhook-selfsigned
diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
index 5d486395..061f8d58 100644
--- a/charts/capsule/values.yaml
+++ b/charts/capsule/values.yaml
@@ -212,7 +212,8 @@ serviceAccount:
 certManager:
 # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
 generateCertificates: false
-
+ # -- Specify additional SANS to add to the certificate
+ additionalSANS: []

 # -- Additional labels which will be added to all resources created by Capsule helm chart
 customLabels: {}
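Review bot: Each entry of `.Values.certManager.additionalSANS` is rendered under `dnsNames` with `toYaml .` and no type guard, so an entry that is not a plain string (an unquoted number, a nested map or list) would render as a non-string or multi-line node, and the mistake would most likely surface only when the Certificate is applied. Rendering the item as `- {{ . | quote }}` keeps every entry a single string scalar. Every entry also becomes a DNS-type SAN on the webhook serving certificate, so an IP address placed in this list would not be issued as an IP SAN. The `spec:` block starts and ends outside this hunk.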
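Review bot: The comment added above `additionalSANS` does not say what kind of entry is expected or what the list affects. Judging by the template hunk in this patch the entries land in the Certificate's `dnsNames`, so they have to be DNS names, and each one widens the set of hostnames the webhook serving certificate is valid for. I would write it as `# -- Additional DNS names (SANs) to add to the webhook certificate; list only names that resolve to the Capsule webhook service`. The README row in this patch reads "Specify additional SAN" while this comment reads "Specify additional SANS", so the two will drift if the README is generated from these comments.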