Use cert-manager to secure APIService resource

Signed-off-by: James Munnelly <james@munnelly.eu>
2025-12-25 10:12:38 +01:00 · 2019-04-29 18:09:16 +01:00
parent 3935fd70e7
commit 2c01592255
4 changed files with 105 additions and 1 deletions
--- a/deploy/example-webhook/templates/deployment.yaml
+++ b/deploy/example-webhook/templates/deployment.yaml
@@ -24,6 +24,9 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - --tls-cert-file=/tls/tls.crt
+            - --tls-private-key-file=/tls/tls.key
          env:
            - name: GROUP_NAME
              value: {{ .Values.groupName | quote }}
@@ -41,8 +44,16 @@ spec:
              scheme: HTTPS
              path: /healthz
              port: https
+          volumeMounts:
+            - name: certs
+              mountPath: /tls
+              readOnly: true
          resources:
 {{ toYaml .Values.resources | indent 12 }}
+      volumes:
+        - name: certs
+          secret:
+            secretName: {{ include "example-webhook.servingCertificate" . }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}