From ed9e1d4c47087c35f9d7fc97a59072ff08113cf9 Mon Sep 17 00:00:00 2001 From: Travis Holton Date: Tue, 24 Dec 2024 20:05:20 +1300 Subject: [PATCH] feat: Allow additional SANS for web certificate (#1303) This makes it possible to include extra variants of the service-name that aren't captured by the {{ include "capsule.fullname" }} macro Co-authored-by: Travis Holton Co-authored-by: Dario Tranchitella --- charts/capsule/README.md | 1 + charts/capsule/templates/certificate.yaml | 3 +++ charts/capsule/values.yaml | 3 ++- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/charts/capsule/README.md b/charts/capsule/README.md index f39e38f5..32e5ffa3 100644 --- a/charts/capsule/README.md +++ b/charts/capsule/README.md @@ -98,6 +98,7 @@ Here the values you can override: | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Set affinity rules for the Capsule pod | +| certManager.additionalSANS | list | `[]` | Specify additional SANS to add to the certificate | | certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager | | customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart | | customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart | diff --git a/charts/capsule/templates/certificate.yaml b/charts/capsule/templates/certificate.yaml index 29d6ff4d..9ad96f05 100644 --- a/charts/capsule/templates/certificate.yaml +++ b/charts/capsule/templates/certificate.yaml @@ -27,6 +27,9 @@ spec: dnsNames: - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + {{- range .Values.certManager.additionalSANS }} + - {{ toYaml . }} + {{- end }} issuerRef: kind: Issuer name: {{ include "capsule.fullname" . }}-webhook-selfsigned diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml index 5d486395..061f8d58 100644 --- a/charts/capsule/values.yaml +++ b/charts/capsule/values.yaml @@ -212,7 +212,8 @@ serviceAccount: certManager: # -- Specifies whether capsule webhooks certificates should be generated using cert-manager generateCertificates: false - + # -- Specify additional SANS to add to the certificate + additionalSANS: [] # -- Additional labels which will be added to all resources created by Capsule helm chart customLabels: {}