feat: add kubelet-cerT

2026-04-22 15:55:48 -05:00
parent f99d2e89a1
commit ea88f7bedc
5 changed files with 23 additions and 13 deletions
--- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl
@@ -12,3 +12,13 @@ Selector labels
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/part-of: {{ .Release.Name }}
 {{- end }}
 {{/*
 ClusterRole names
 */}}
 {{- define "custom.certificatesName" -}}
 "certificates-{{ .Release.Name }}"
 {{- end -}}
 {{- define "custom.eventsName" -}}
 "events-{{ .Release.Name }}"
 {{- end -}}
--- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml
@@ -9,7 +9,7 @@ metadata:
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: "certificates-{{ .Release.Name }}"
+  name: {{ include "custom.certificatesName" . }}
 subjects:
  - kind: ServiceAccount
    name: kubelet-serving-cert-approver
--- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml
@@ -1,10 +1,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: "certificates-{{ .Release.Name }}"
+  name: {{ include "custom.certificatesName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: "certificates-{{ .Release.Name }}"
+    app.kubernetes.io/name: {{ include "custom.certificatesName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 rules:
  - apiGroups:
@@ -40,10 +40,10 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: "events-{{ .Release.Name }}"
+  name: {{ include "custom.eventsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: "events-{{ .Release.Name }}"
+    app.kubernetes.io/name: {{ include "custom.eventsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 rules:
  - apiGroups:
--- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: Namespace
 metadata:
-  name: kubelet-serving-cert-approver
+  name: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: kubelet-serving-cert-approver
+    app.kubernetes.io/name: {{ .Release.Namespace }}
    {{- include "custom.labels" . | nindent 4 }}
-    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/audit: privileged
-    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/enforce: privileged
-    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/warn: privileged
--- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml
@@ -1,15 +1,15 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: "events-{{ .Release.Name }}"
+  name: {{ include "custom.eventsName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
-    app.kubernetes.io/name: "events-{{ .Release.Name }}"
+    app.kubernetes.io/name: {{ include "custom.eventsName" . }}
    {{- include "custom.labels" . | nindent 4 }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: "events-{{ .Release.Name }}"
+  name: {{ include "custom.eventsName" . }}
 subjects:
  - kind: ServiceAccount
    name: kubelet-serving-cert-approver