search

cert-manager / webhook-example

A cert-manager sample repository for creating an ACME DNS01 solver webhook
Apache License 2.0
107 stars 419 forks source link

Question: namespace to install the resources #8

Open cmoulliard opened 4 years ago

cmoulliard commented 4 years ago

Question

As the helm chart dont contain a namespace for several resources to be deployed excepted by example here - https://gist.github.com/cmoulliard/0aaa99004f930516c57902cefae2f89a#file-gadaddy-webhook-yaml-L1-L36, where should the resources be deployed (using default namespace, ...) ?

Examples:

What should be the namespace of the this value namespace: {{ .Release.Namespace | quote }} which is not defined within the helm values file - values.yaml for issuer, certificate

apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: {{ include "example-webhook.selfSignedIssuer" . }}
  namespace: {{ .Release.Namespace | quote }}

Why this RoleBinding is installed under kube-system ?

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: {{ include "example-webhook.fullname" . }}:webhook-authentication-reader
  namespace: kube-system

Another example

apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
  name: v1alpha1.{{ .Values.groupName }}
  labels:
    app: {{ include "example-webhook.name" . }}
    chart: {{ include "example-webhook.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
  annotations:
    certmanager.k8s.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "example-webhook.servingCertificate" . }}"
spec:
  group: {{ .Values.groupName }}
  groupPriorityMinimum: 1000
  versionPriority: 15
  service:
    name: {{ include "example-webhook.fullname" . }}
    namespace: {{ .Release.Namespace }}

Is there a reason you use sometimes | quote and sometimes not to generate the namespace name ? Can this be better documented please and helm templates updated ?