129 lines
2.9 KiB
YAML
129 lines
2.9 KiB
YAML
# Adds namespace to all resources.
|
|
namespace: rke2-control-plane-system
|
|
|
|
# Value of this field is prepended to the
|
|
# names of all resources, e.g. a deployment named
|
|
# "wordpress" becomes "alices-wordpress".
|
|
# Note that it should also match with the prefix (text before '-') of the namespace
|
|
# field above.
|
|
namePrefix: rke2-control-plane-
|
|
|
|
# Labels to add to all resources and selectors.
|
|
labels:
|
|
- includeSelectors: true
|
|
pairs:
|
|
cluster.x-k8s.io/provider: control-plane-rke2
|
|
|
|
resources:
|
|
- namespace.yaml
|
|
- ../crd
|
|
- ../rbac
|
|
- ../manager
|
|
- ../webhook
|
|
- ../certmanager
|
|
|
|
patches:
|
|
# Provide customizable hook for make targets.
|
|
- path: manager_image_patch.yaml
|
|
- path: manager_pull_policy.yaml
|
|
# Enable webhook.
|
|
- path: manager_webhook_patch.yaml
|
|
# Inject certificate in the webhook definition.
|
|
- path: webhookcainjection_patch.yaml
|
|
# Enable aggregated ClusterRole aggregation
|
|
- path: manager_role_aggregation_patch.yaml
|
|
|
|
replacements:
|
|
- source:
|
|
fieldPath: .metadata.namespace
|
|
group: cert-manager.io
|
|
kind: Certificate
|
|
name: serving-cert
|
|
version: v1
|
|
targets:
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
select:
|
|
kind: ValidatingWebhookConfiguration
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
select:
|
|
kind: MutatingWebhookConfiguration
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
select:
|
|
kind: CustomResourceDefinition
|
|
- source:
|
|
fieldPath: .metadata.name
|
|
group: cert-manager.io
|
|
kind: Certificate
|
|
name: serving-cert
|
|
version: v1
|
|
targets:
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
index: 1
|
|
select:
|
|
kind: ValidatingWebhookConfiguration
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
index: 1
|
|
select:
|
|
kind: MutatingWebhookConfiguration
|
|
- fieldPaths:
|
|
- .metadata.annotations.[cert-manager.io/inject-ca-from]
|
|
options:
|
|
create: true
|
|
delimiter: /
|
|
index: 1
|
|
select:
|
|
kind: CustomResourceDefinition
|
|
- source:
|
|
fieldPath: .metadata.name
|
|
kind: Service
|
|
name: webhook-service
|
|
version: v1
|
|
targets:
|
|
- fieldPaths:
|
|
- .spec.dnsNames.0
|
|
- .spec.dnsNames.1
|
|
options:
|
|
create: true
|
|
delimiter: .
|
|
select:
|
|
group: cert-manager.io
|
|
kind: Certificate
|
|
version: v1
|
|
- source:
|
|
fieldPath: .metadata.namespace
|
|
kind: Service
|
|
name: webhook-service
|
|
version: v1
|
|
targets:
|
|
- fieldPaths:
|
|
- .spec.dnsNames.0
|
|
- .spec.dnsNames.1
|
|
options:
|
|
create: true
|
|
delimiter: .
|
|
index: 1
|
|
select:
|
|
group: cert-manager.io
|
|
kind: Certificate
|
|
version: v1
|