✨ Add deployment overrides to templates

[omerap12]

What this PR does / why we need it: Adding option to override certain configuration in the following resources: addon bootstrap control-plane core-conditions core infra-conditions infra

Example of values.yaml snippet:

---
# ---
# Cluster API provider options
core: override-test-core
bootstrap: override-test-core
controlPlane: override-test-core
infrastructure: override-test-core
addon: override-test-core
manager.featureGates: {}
# ---
# Common configuration secret options
configSecret: {}
# ---
# CAPI operator deployment options
logLevel: 2
replicaCount: 1
leaderElection:
  enabled: true
image:
  manager:
    repository: gcr.io/k8s-staging-capi-operator/cluster-api-operator
    tag: dev
    pullPolicy: IfNotPresent
env:
  manager: []
healthAddr: ":8081"
metricsBindAddr: "127.0.0.1:8080"
diagnosticsAddress: "8443"
insecureDiagnostics: false
imagePullSecrets: {}
resources:
  manager:
    limits:
      cpu: 100m
      memory: 150Mi
    requests:
      cpu: 100m
      memory: 100Mi
containerSecurityContext: {}
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/arch
              operator: In
              values:
                - amd64
                - arm64
                - ppc64le
            - key: kubernetes.io/os
              operator: In
              values:
                - linux
tolerations:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
  - effect: NoSchedule
    key: node-role.kubernetes.io/control-plane
volumes:
  - name: cert
    secret:
      defaultMode: 420
      secretName: capi-operator-webhook-service-cert
volumeMounts:
  manager:
    - mountPath: /tmp/k8s-webhook-server/serving-certs
      name: cert
      readOnly: true

deploymentOverride:
  addon:
    containers:
    - name: manager
      imageUrl: "test.org/cluster-api-provider-aws/cluster-api-provider-aws-controller:v0.6.0"
  core:
    containers:
    - name: manager
      imageUrl: "test.org/cluster-api/cluster-api-controller:v1.7.1"
  infrastructure:
    deployment:
      containers:
      - name: manager
        imageUrl: "test.org/cluster-api-vsphere/cluster-api-vsphere-controller:v1.10.0"
  bootstrap:
    deployment:
      containers:
      - name: manager
        imageUrl: "test.org/cluster-api-bootstrap-provider-kubeadm/cluster-api-kubeadm-controller:v0.4.0"
  controlPlane:
    deployment:
      containers:
      - name: manager
        imageUrl: "test.org/cluster-api-control-plane/cluster-api-control-plane-controller:v0.4.0"
  coreConditions:
    containers:
    - name: manager
      imageUrl: "test.org/cluster-api/cluster-api-controller:v1.7.1"
  infraConditions:
    containers:
    - name: manager
      imageUrl: "test.org/cluster-api/cluster-api-controller:v1.7.1"

Output be like:

---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: release-name-cert-manager-cainjector
  namespace: default
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
---
# Source: cluster-api-operator/charts/cert-manager/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: release-name-cert-manager
  namespace: default
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: release-name-cert-manager-webhook
  namespace: default
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-cainjector
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["get", "create", "update", "patch"]
  - apiGroups: ["admissionregistration.k8s.io"]
    resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["apiregistration.k8s.io"]
    resources: ["apiservices"]
    verbs: ["get", "list", "watch", "update", "patch"]
  - apiGroups: ["apiextensions.k8s.io"]
    resources: ["customresourcedefinitions"]
    verbs: ["get", "list", "watch", "update", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Issuer controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-issuers
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["issuers", "issuers/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["cert-manager.io"]
    resources: ["issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# ClusterIssuer controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-clusterissuers
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers", "clusterissuers/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Certificates controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-certificates
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
    verbs: ["get", "list", "watch"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates/finalizers", "certificaterequests/finalizers"]
    verbs: ["update"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders"]
    verbs: ["create", "delete", "get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Orders controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-orders
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders", "orders/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders", "challenges"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers", "issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges"]
    verbs: ["create", "delete"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["orders/finalizers"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Challenges controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-challenges
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  # Use to update challenge resource status
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges", "challenges/status"]
    verbs: ["update", "patch"]
  # Used to watch challenge resources
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges"]
    verbs: ["get", "list", "watch"]
  # Used to watch challenges, issuer and clusterissuer resources
  - apiGroups: ["cert-manager.io"]
    resources: ["issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
  # Need to be able to retrieve ACME account private key to complete challenges
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
  # Used to create events
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  # HTTP01 rules
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "delete", "update"]
  - apiGroups: [ "gateway.networking.k8s.io" ]
    resources: [ "httproutes" ]
    verbs: ["get", "list", "watch", "create", "delete", "update"]
  # We require the ability to specify a custom hostname when we are creating
  # new ingress resources.
  # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
  - apiGroups: ["route.openshift.io"]
    resources: ["routes/custom-host"]
    verbs: ["create"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges/finalizers"]
    verbs: ["update"]
  # DNS01 rules (duplicated above)
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# ingress-shim controller role
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-ingress-shim
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests"]
    verbs: ["create", "update", "delete"]
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
  # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses/finalizers"]
    verbs: ["update"]
  - apiGroups: ["gateway.networking.k8s.io"]
    resources: ["gateways", "httproutes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["gateway.networking.k8s.io"]
    resources: ["gateways/finalizers", "httproutes/finalizers"]
    verbs: ["update"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-cluster-view
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["clusterissuers"]
    verbs: ["get", "list", "watch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-view
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
    rbac.authorization.k8s.io/aggregate-to-view: "true"
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
    rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges", "orders"]
    verbs: ["get", "list", "watch"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-edit
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
    rbac.authorization.k8s.io/aggregate-to-edit: "true"
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["create", "delete", "deletecollection", "patch", "update"]
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates/status"]
    verbs: ["update"]
  - apiGroups: ["acme.cert-manager.io"]
    resources: ["challenges", "orders"]
    verbs: ["create", "delete", "deletecollection", "patch", "update"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-approve:cert-manager-io
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cert-manager"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["signers"]
    verbs: ["approve"]
    resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# Permission to:
# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
# - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-controller-certificatesigningrequests
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cert-manager"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["certificates.k8s.io"]
    resources: ["certificatesigningrequests"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["certificates.k8s.io"]
    resources: ["certificatesigningrequests/status"]
    verbs: ["update", "patch"]
  - apiGroups: ["certificates.k8s.io"]
    resources: ["signers"]
    resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
    verbs: ["sign"]
  - apiGroups: ["authorization.k8s.io"]
    resources: ["subjectaccessreviews"]
    verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: release-name-cert-manager-webhook:subjectaccessreviews
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
- apiGroups: ["authorization.k8s.io"]
  resources: ["subjectaccessreviews"]
  verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-cainjector
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-cainjector
subjects:
  - name: release-name-cert-manager-cainjector
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-issuers
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-issuers
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-clusterissuers
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-clusterissuers
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-certificates
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-certificates
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-orders
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-orders
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-challenges
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-challenges
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-ingress-shim
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-ingress-shim
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-approve:cert-manager-io
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cert-manager"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-approve:cert-manager-io
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-controller-certificatesigningrequests
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cert-manager"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-controller-certificatesigningrequests
subjects:
  - name: release-name-cert-manager
    namespace: default
    kind: ServiceAccount
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: release-name-cert-manager-webhook:subjectaccessreviews
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: release-name-cert-manager-webhook:subjectaccessreviews
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: release-name-cert-manager-webhook
  namespace: default
---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-rbac.yaml
# leader election rules
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: release-name-cert-manager-cainjector:leaderelection
  namespace: kube-system
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  # Used for leader election by the controller
  # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
  #   see cmd/cainjector/start.go#L113
  # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
  #   see cmd/cainjector/start.go#L137
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
    verbs: ["get", "update", "patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: release-name-cert-manager:leaderelection
  namespace: kube-system
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    resourceNames: ["cert-manager-controller"]
    verbs: ["get", "update", "patch"]
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: release-name-cert-manager-webhook:dynamic-serving
  namespace: default
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames:
  - 'release-name-cert-manager-webhook-ca'
  verbs: ["get", "list", "watch", "update"]
# It's not possible to grant CREATE permission on a single resourceName.
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-rbac.yaml
# grant cert-manager permission to manage the leaderelection configmap in the
# leader election namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: release-name-cert-manager-cainjector:leaderelection
  namespace: kube-system
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: release-name-cert-manager-cainjector:leaderelection
subjects:
  - kind: ServiceAccount
    name: release-name-cert-manager-cainjector
    namespace: default
---
# Source: cluster-api-operator/charts/cert-manager/templates/rbac.yaml
# grant cert-manager permission to manage the leaderelection configmap in the
# leader election namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: release-name-cert-manager:leaderelection
  namespace: kube-system
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: release-name-cert-manager:leaderelection
subjects:
  - apiGroup: ""
    kind: ServiceAccount
    name: release-name-cert-manager
    namespace: default
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: release-name-cert-manager-webhook:dynamic-serving
  namespace: default
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: release-name-cert-manager-webhook:dynamic-serving
subjects:
- apiGroup: ""
  kind: ServiceAccount
  name: release-name-cert-manager-webhook
  namespace: default
---
# Source: cluster-api-operator/charts/cert-manager/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: release-name-cert-manager
  namespace: default
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
spec:
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 9402
    name: tcp-prometheus-servicemonitor
    targetPort: 9402
  selector:
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: release-name-cert-manager-webhook
  namespace: default
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
spec:
  type: ClusterIP
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: "https"
  selector:
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
---
# Source: cluster-api-operator/charts/cert-manager/templates/cainjector-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: release-name-cert-manager-cainjector
  namespace: default
  labels:
    app: cainjector
    app.kubernetes.io/name: cainjector
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "cainjector"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: cainjector
      app.kubernetes.io/instance: release-name
      app.kubernetes.io/component: "cainjector"
  template:
    metadata:
      labels:
        app: cainjector
        app.kubernetes.io/name: cainjector
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/component: "cainjector"
        app.kubernetes.io/version: "v1.14.5"
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cert-manager-v1.14.5
    spec:
      serviceAccountName: release-name-cert-manager-cainjector
      enableServiceLinks: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: cert-manager-cainjector
          image: "quay.io/jetstack/cert-manager-cainjector:v1.14.5"
          imagePullPolicy: IfNotPresent
          args:
          - --v=2
          - --leader-election-namespace=kube-system
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
      nodeSelector:
        kubernetes.io/os: linux
---
# Source: cluster-api-operator/charts/cert-manager/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: release-name-cert-manager
  namespace: default
  labels:
    app: cert-manager
    app.kubernetes.io/name: cert-manager
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: cert-manager
      app.kubernetes.io/instance: release-name
      app.kubernetes.io/component: "controller"
  template:
    metadata:
      labels:
        app: cert-manager
        app.kubernetes.io/name: cert-manager
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/component: "controller"
        app.kubernetes.io/version: "v1.14.5"
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cert-manager-v1.14.5
      annotations:
        prometheus.io/path: "/metrics"
        prometheus.io/scrape: 'true'
        prometheus.io/port: '9402'
    spec:
      serviceAccountName: release-name-cert-manager
      enableServiceLinks: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: cert-manager-controller
          image: "quay.io/jetstack/cert-manager-controller:v1.14.5"
          imagePullPolicy: IfNotPresent
          args:
          - --v=2
          - --cluster-resource-namespace=$(POD_NAMESPACE)
          - --leader-election-namespace=kube-system
          - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.5
          - --max-concurrent-challenges=60
          ports:
          - containerPort: 9402
            name: http-metrics
            protocol: TCP
          - containerPort: 9403
            name: http-healthz
            protocol: TCP
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          # LivenessProbe settings are based on those used for the Kubernetes
          # controller-manager. See:
          # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245
          livenessProbe:
            httpGet:
              port: http-healthz
              path: /livez
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 15
            successThreshold: 1
            failureThreshold: 8
      nodeSelector:
        kubernetes.io/os: linux
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: release-name-cert-manager-webhook
  namespace: default
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: webhook
      app.kubernetes.io/instance: release-name
      app.kubernetes.io/component: "webhook"
  template:
    metadata:
      labels:
        app: webhook
        app.kubernetes.io/name: webhook
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/component: "webhook"
        app.kubernetes.io/version: "v1.14.5"
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cert-manager-v1.14.5
    spec:
      serviceAccountName: release-name-cert-manager-webhook
      enableServiceLinks: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: cert-manager-webhook
          image: "quay.io/jetstack/cert-manager-webhook:v1.14.5"
          imagePullPolicy: IfNotPresent
          args:
          - --v=2
          - --secure-port=10250
          - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
          - --dynamic-serving-ca-secret-name=release-name-cert-manager-webhook-ca
          - --dynamic-serving-dns-names=release-name-cert-manager-webhook
          - --dynamic-serving-dns-names=release-name-cert-manager-webhook.$(POD_NAMESPACE)
          - --dynamic-serving-dns-names=release-name-cert-manager-webhook.$(POD_NAMESPACE).svc

          ports:
          - name: https
            protocol: TCP
            containerPort: 10250
          - name: healthcheck
            protocol: TCP
            containerPort: 6080
          livenessProbe:
            httpGet:
              path: /livez
              port: 6080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /healthz
              port: 6080
              scheme: HTTP
            initialDelaySeconds: 5
            periodSeconds: 5
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          env:
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
      nodeSelector:
        kubernetes.io/os: linux
---
# Source: cluster-api-operator/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: release-name-cluster-api-operator
  namespace: 'default'
  labels:
    app: cluster-api-operator
    app.kubernetes.io/name: cluster-api-operator
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "controller"
    control-plane: controller-manager
    clusterctl.cluster.x-k8s.io/core: capi-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: cluster-api-operator
      app.kubernetes.io/instance: release-name
      app.kubernetes.io/component: "controller"
      control-plane: controller-manager
      clusterctl.cluster.x-k8s.io/core: capi-operator
  template:
    metadata:
      labels:
        app: cluster-api-operator
        app.kubernetes.io/name: cluster-api-operator
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/component: "controller"
        control-plane: controller-manager
        clusterctl.cluster.x-k8s.io/core: capi-operator
    spec:
      containers:
      - args:
        - --v=2
        - --health-addr=:8081
        - --metrics-bind-addr=127.0.0.1:8080
        - --diagnostics-address=8443
        - --leader-elect=true
        command:
        - /manager
        image: "gcr.io/k8s-staging-capi-operator/cluster-api-operator:dev"
        imagePullPolicy: IfNotPresent
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        - containerPort: 8080
          name: metrics
          protocol: TCP
        resources:
            limits:
              cpu: 100m
              memory: 150Mi
            requests:
              cpu: 100m
              memory: 100Mi
        volumeMounts:
            - mountPath: /tmp/k8s-webhook-server/serving-certs
              name: cert
              readOnly: true
      terminationGracePeriodSeconds: 10
      volumes:
        - name: cert
          secret:
            defaultMode: 420
            secretName: capi-operator-webhook-service-cert
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
                - arm64
                - ppc64le
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/master
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
---
# Source: cluster-api-operator/templates/addon.yaml
# Addon provider
---
# Source: cluster-api-operator/templates/bootstrap.yaml
# Bootstrap provider
---
# Source: cluster-api-operator/templates/control-plane.yaml
# Control plane provider
---
# Source: cluster-api-operator/templates/core-conditions.yaml
# Deploy core components if not specified
---
# Source: cluster-api-operator/templates/core.yaml
# Core provider
---
# Source: cluster-api-operator/templates/infra-conditions.yaml
# Deploy bootstrap, and infrastructure components if not specified
---
# Source: cluster-api-operator/templates/infra.yaml
# Infrastructure providers
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-mutating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: release-name-cert-manager-webhook
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
  annotations:
    cert-manager.io/inject-ca-from-secret: "default/release-name-cert-manager-webhook-ca"
webhooks:
  - name: webhook.cert-manager.io
    rules:
      - apiGroups:
          - "cert-manager.io"
        apiVersions:
          - "v1"
        operations:
          - CREATE
        resources:
          - "certificaterequests"
    admissionReviewVersions: ["v1"]
    # This webhook only accepts v1 cert-manager resources.
    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
    # this webhook (after the resources have been converted to v1).
    matchPolicy: Equivalent
    timeoutSeconds: 30
    failurePolicy: Fail
    # Only include 'sideEffects' field in Kubernetes 1.12+
    sideEffects: None
    clientConfig:
      service:
        name: release-name-cert-manager-webhook
        namespace: default
        path: /mutate
---
# Source: cluster-api-operator/charts/cert-manager/templates/webhook-validating-webhook.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: release-name-cert-manager-webhook
  labels:
    app: webhook
    app.kubernetes.io/name: webhook
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "webhook"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
  annotations:
    cert-manager.io/inject-ca-from-secret: "default/release-name-cert-manager-webhook-ca"
webhooks:
  - name: webhook.cert-manager.io
    namespaceSelector:
      matchExpressions:
      - key: cert-manager.io/disable-validation
        operator: NotIn
        values:
        - "true"
    rules:
      - apiGroups:
          - "cert-manager.io"
          - "acme.cert-manager.io"
        apiVersions:
          - "v1"
        operations:
          - CREATE
          - UPDATE
        resources:
          - "*/*"
    admissionReviewVersions: ["v1"]
    # This webhook only accepts v1 cert-manager resources.
    # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
    # this webhook (after the resources have been converted to v1).
    matchPolicy: Equivalent
    timeoutSeconds: 30
    failurePolicy: Fail
    sideEffects: None
    clientConfig:
      service:
        name: release-name-cert-manager-webhook
        namespace: default
        path: /validate
---
# Source: cluster-api-operator/templates/addon.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "1"
  name: override-test-core-addon-system
---
# Source: cluster-api-operator/templates/bootstrap.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "1"
  name: override-test-core-bootstrap-system
---
# Source: cluster-api-operator/templates/control-plane.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "1"
  name: override-test-core-control-plane-system
---
# Source: cluster-api-operator/templates/core.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "1"
  name: capi-system
---
# Source: cluster-api-operator/templates/infra.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "1"
  name: override-test-core-infrastructure-system
---
# Source: cluster-api-operator/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
automountServiceAccountToken: true
metadata:
  name: release-name-cert-manager-startupapicheck
  namespace: default
  annotations:
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "-5"
  labels:
    app: startupapicheck
    app.kubernetes.io/name: startupapicheck
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "startupapicheck"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
---
# Source: cluster-api-operator/charts/cert-manager/templates/startupapicheck-rbac.yaml
# create certificate role
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: release-name-cert-manager-startupapicheck:create-cert
  namespace: default
  labels:
    app: startupapicheck
    app.kubernetes.io/name: startupapicheck
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "startupapicheck"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
  annotations:
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "-5"
rules:
  - apiGroups: ["cert-manager.io"]
    resources: ["certificates"]
    verbs: ["create"]
---
# Source: cluster-api-operator/charts/cert-manager/templates/startupapicheck-rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: release-name-cert-manager-startupapicheck:create-cert
  namespace: default
  labels:
    app: startupapicheck
    app.kubernetes.io/name: startupapicheck
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "startupapicheck"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
  annotations:
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "-5"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: release-name-cert-manager-startupapicheck:create-cert
subjects:
  - kind: ServiceAccount
    name: release-name-cert-manager-startupapicheck
    namespace: default
---
# Source: cluster-api-operator/charts/cert-manager/templates/startupapicheck-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: release-name-cert-manager-startupapicheck
  namespace: default
  labels:
    app: startupapicheck
    app.kubernetes.io/name: startupapicheck
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/component: "startupapicheck"
    app.kubernetes.io/version: "v1.14.5"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: cert-manager-v1.14.5
  annotations:
    helm.sh/hook: post-install
    helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
    helm.sh/hook-weight: "1"
spec:
  backoffLimit: 4
  template:
    metadata:
      labels:
        app: startupapicheck
        app.kubernetes.io/name: startupapicheck
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/component: "startupapicheck"
        app.kubernetes.io/version: "v1.14.5"
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cert-manager-v1.14.5
    spec:
      restartPolicy: OnFailure
      serviceAccountName: release-name-cert-manager-startupapicheck
      enableServiceLinks: false
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: cert-manager-startupapicheck
          image: "quay.io/jetstack/cert-manager-startupapicheck:v1.14.5"
          imagePullPolicy: IfNotPresent
          args:
          - check
          - api
          - --wait=1m
          - -v
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
      nodeSelector:
        kubernetes.io/os: linux
---
# Source: cluster-api-operator/templates/addon.yaml
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: AddonProvider
metadata:
  name: override-test-core
  namespace: override-test-core-addon-system
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "2"

  containers:
  - imageUrl: test.org/cluster-api-provider-aws/cluster-api-provider-aws-controller:v0.6.0
    name: manager
---
# Source: cluster-api-operator/templates/bootstrap.yaml
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: BootstrapProvider
metadata:
  name: override-test-core
  namespace: override-test-core-bootstrap-system
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "2"

  deployment:
    containers:
    - imageUrl: test.org/cluster-api-bootstrap-provider-kubeadm/cluster-api-kubeadm-controller:v0.4.0
      name: manager
---
# Source: cluster-api-operator/templates/control-plane.yaml
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: ControlPlaneProvider
metadata:
  name: override-test-core
  namespace: override-test-core-control-plane-system
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "2"

  deployment:
    containers:
    - imageUrl: test.org/cluster-api-control-plane/cluster-api-control-plane-controller:v0.4.0
      name: manager
---
# Source: cluster-api-operator/templates/core.yaml
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: CoreProvider
metadata:
  name: override-test-core
  namespace: capi-system
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "2"

  containers:
  - imageUrl: test.org/cluster-api/cluster-api-controller:v1.7.1
    name: manager
---
# Source: cluster-api-operator/templates/infra.yaml
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: InfrastructureProvider
metadata:
  name: override-test-core
  namespace: override-test-core-infrastructure-system
  annotations:
    "helm.sh/hook": "post-install"
    "helm.sh/hook-weight": "2"

  deployment:
    containers:
    - imageUrl: test.org/cluster-api-vsphere/cluster-api-vsphere-controller:v1.10.0
      name: manager

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #516

[linux-foundation-easycla[bot]]

The committers listed above are authorized under a signed CLA.

• :white_check_mark: login: omerap12 / name: Omer Aplatony (a51d44e2c37e00b301371aad198417f554723e25, 81527ae2f69c0fd263950a9f011c8c8c8237f288, 1a4e7fd84a1882957776adbaee56d125696f91cb, 45d8d6b5a28528859dafc417c1e30ab2d8784378)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please assign danil-grigorev for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/kubernetes-sigs/cluster-api-operator/blob/main/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[k8s-ci-robot]

Welcome @omerap12!

It looks like this is your first PR to kubernetes-sigs/cluster-api-operator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-operator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. :smiley:

[k8s-ci-robot]

Hi @omerap12. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[netlify[bot]]

✅ Deploy Preview for kubernetes-sigs-cluster-api-operator ready!

Name	Link
🔨 Latest commit	45d8d6b5a28528859dafc417c1e30ab2d8784378
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-operator/deploys/66c8699b88f4e60008b81933
😎 Deploy Preview	https://deploy-preview-525--kubernetes-sigs-cluster-api-operator.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[alexander-demicev]

/ok-to-test

[omerap12]

Of course, Ill try to do it on this weekend @alexander-demicev

[omerap12]

Hey @alexander-demicev , any update on this? should I close the PR?

[furkatgofurov7]

/retest

[furkatgofurov7]

@omerap12 hey, thanks for the PR. Can you please rebase it first, so we can then take a closer look? Thanks

[omerap12]

@omerap12 hey, thanks for the PR. Can you please rebase it first, so we can then take a closer look? Thanks

Done

[furkatgofurov7]

/retest

[furkatgofurov7]

@omerap12 hey, thanks for the PR. Can you please rebase it first, so we can then take a closer look? Thanks

Done

Looks like something went wrong with rebase, I see your branch is still behind by 32 commits. I was suspecting the rebase being the initial root cause of CI failure

[omerap12]

@omerap12 hey, thanks for the PR. Can you please rebase it first, so we can then take a closer look? Thanks

Done

Looks like something went wrong with rebase, I see your branch is still behind by 32 commits. I was suspecting the rebase being the initial root cause of CI failure

Merged master

[furkatgofurov7]

By checking the CI logs, e2e tests are not compiling properly

[omerap12]

By checking the CI logs, e2e tests are not compiling properly

When I first submitted the PR they seemed to wok lol. Ill take a look later and get this fixed

[omerap12]

@furkatgofurov7 Fixed :)

[omerap12]

btw, can I set deploymentOverride in the values file to a default of empty dict?

deploymentOverride: {}

[furkatgofurov7]

Hey, thanks. Can we also add tests for other provider types (currently, only infra provider is being added)?

[omerap12]

Hey, thanks. Can we also add tests for other provider types (currently, only infra provider is being added)?

Added another test.

[omerap12]

Please, let me rebase my changes when approved.