feat: add kubelet-cerT
All checks were successful
lint-test-docker / lint-docker-compose (pull_request) Successful in 1m50s
lint-test-helm / lint-helm (pull_request) Successful in 15m8s
lint-test-helm / validate-kubeconform (pull_request) Successful in 17m33s

2026-04-22 15:55:48 -05:00
parent f99d2e89a1
commit ea88f7bedc
5 changed files with 23 additions and 13 deletions


@@ -12,3 +12,13 @@ Selector labels
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
ClusterRole names
*/}}
{{- define "custom.certificatesName" -}}
"certificates-{{ .Release.Name }}"
{{- end -}}
{{- define "custom.eventsName" -}}
"events-{{ .Release.Name }}"
{{- end -}}
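Review bot: Both new helpers emit the surrounding double quotes as part of their output (`"certificates-{{ .Release.Name }}"`), so a caller that pipes the result into another function or embeds it in a longer string gets literal quote characters. Returning the bare name and quoting at the call site, e.g. `name: {{ include "custom.certificatesName" . | quote }}`, keeps the helper reusable. The result is also used as an `app.kubernetes.io/name` label value, which Kubernetes limits to 63 characters, while a Helm release name may be up to 53; `{{ printf "certificates-%s" .Release.Name | trunc 63 | trimSuffix "-" }}` stays inside that limit. The comment `ClusterRole names` could also say that `custom.eventsName` names the `events` RoleBinding as well.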


@@ -9,7 +9,7 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "certificates-{{ .Release.Name }}"
name: {{ include "custom.certificatesName" . }}
subjects:
- kind: ServiceAccount
name: kubelet-serving-cert-approver
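Review bot: The `subjects` entry still names the ServiceAccount `kubelet-serving-cert-approver` literally, and its `namespace:` line falls outside this hunk, so it is not visible whether the binding follows the namespace that this commit now takes from `.Release.Namespace`. If that line is still a literal, a release installed into any other namespace leaves the approver without its permissions, and leaves whatever the `certificates` ClusterRole grants bound to a ServiceAccount name in a namespace the chart no longer creates. It should read `namespace: {{ .Release.Namespace }}`. The same check applies to the `subjects` block of the `events` RoleBinding in the last file section.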


@@ -1,10 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "certificates-{{ .Release.Name }}"
name: {{ include "custom.certificatesName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "certificates-{{ .Release.Name }}"
app.kubernetes.io/name: {{ include "custom.certificatesName" . }}
{{- include "custom.labels" . | nindent 4 }}
rules:
- apiGroups:
@@ -40,10 +40,10 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: "events-{{ .Release.Name }}"
name: {{ include "custom.eventsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "events-{{ .Release.Name }}"
app.kubernetes.io/name: {{ include "custom.eventsName" . }}
{{- include "custom.labels" . | nindent 4 }}
rules:
- apiGroups:
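Review bot: Both ClusterRole documents keep `namespace: {{ .Release.Namespace }}` under `metadata`, but a ClusterRole is cluster-scoped, so the field has no effect and suggests a scoping that does not exist; dropping that line in both hunks would make the manifest say what it does. Because the objects are cluster-wide and Helm release names are unique only per namespace, `certificates-<release>` and `events-<release>` can collide when the same release name is installed in two namespaces. Putting the namespace into the helper output, e.g. `certificates-{{ .Release.Namespace }}-{{ .Release.Name }}`, would avoid that. The `rules:` lists continue outside both hunks.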


@@ -1,10 +1,10 @@
apiVersion: v1
kind: Namespace
metadata:
name: kubelet-serving-cert-approver
name: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: kubelet-serving-cert-approver
app.kubernetes.io/name: {{ .Release.Namespace }}
{{- include "custom.labels" . | nindent 4 }}
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
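Review bot: The three Pod Security Admission labels appear to move from `restricted` to `privileged` in this hunk, which turns off pod security enforcement, audit and warning for the namespace, and nothing in the commit title or the other files explains why. The page has lost its `+`/`-` markers, but the old-then-new order matches every other changed pair in the commit. Because `metadata.name` is now `{{ .Release.Namespace }}`, the relaxed level applies to whichever namespace the release is installed into, not only to a dedicated one. Unless the approver pod needs host-level access, keep `pod-security.kubernetes.io/enforce: restricted`. If a lower level is required, set only `enforce` to the lowest level that works, leave `audit` and `warn` at `restricted` so violations stay visible, and add a comment above the labels naming the requirement.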


@@ -1,15 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "events-{{ .Release.Name }}"
name: {{ include "custom.eventsName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: "events-{{ .Release.Name }}"
app.kubernetes.io/name: {{ include "custom.eventsName" . }}
{{- include "custom.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "events-{{ .Release.Name }}"
name: {{ include "custom.eventsName" . }}
subjects:
- kind: ServiceAccount
name: kubelet-serving-cert-approver