
Commit f333b0b

Aransh and Gacko authored
Chart: Add controller.admissionWebhooks.certManager.*.revisionHistoryLimit. (#12906)
Signed-off-by: Aran Shavit <[email protected]>
Co-authored-by: Marco Ebert <[email protected]>
1 parent b37ac7e commit f333b0b

4 files changed

+48
-0
lines changed

charts/ingress-nginx/README.md

Lines changed: 2 additions & 0 deletions
@@ -255,8 +255,10 @@ metadata:
255255
| controller.addHeaders | object | `{}` | Will add custom headers before sending response traffic to the client according to: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#add-headers |
256256
| controller.admissionWebhooks.annotations | object | `{}` | |
257257
| controller.admissionWebhooks.certManager.admissionCert.duration | string | `""` | |
258+
| controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit | int | `0` | Revision history limit of the webhook certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
258259
| controller.admissionWebhooks.certManager.enabled | bool | `false` | |
259260
| controller.admissionWebhooks.certManager.rootCert.duration | string | `""` | |
261+
| controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit | int | `0` | Revision history limit of the root certificate. Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec |
260262
| controller.admissionWebhooks.certificate | string | `"/usr/local/certificates/cert"` | |
261263
| controller.admissionWebhooks.createSecretJob.name | string | `"create"` | |
262264
| controller.admissionWebhooks.createSecretJob.resources | object | `{}` | |

charts/ingress-nginx/templates/admission-webhooks/cert-manager.yaml

Lines changed: 6 additions & 0 deletions
@@ -19,6 +19,9 @@ metadata:
1919
spec:
2020
secretName: {{ include "ingress-nginx.fullname" . }}-root-cert
2121
duration: {{ .Values.controller.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }}
22+
{{- if gt (.Values.controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit | int) 0 }}
23+
revisionHistoryLimit: {{ .Values.controller.admissionWebhooks.certManager.rootCert.revisionHistoryLimit }}
24+
{{- end }}
2225
issuerRef:
2326
name: {{ include "ingress-nginx.fullname" . }}-self-signed-issuer
2427
commonName: "ca.webhook.ingress-nginx"
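
Review bot: On the added `revisionHistoryLimit:` line in the root certificate's `spec`, the value is rendered exactly as supplied, while the guard on the line above compares it only after `| int`. A non-integer setting such as `2.5` passes the guard as 2 but is written into the manifest as `2.5`. Pipe the rendered value through `| int` as well so the check and the output agree. The admission certificate block further down has the same pattern.
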
@@ -47,6 +50,9 @@ metadata:
4750
spec:
4851
secretName: {{ include "ingress-nginx.admissionWebhooks.fullname" . }}
4952
duration: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }}
53+
{{- if gt (.Values.controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit | int) 0 }}
54+
revisionHistoryLimit: {{ .Values.controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit }}
55+
{{- end }}
5056
issuerRef:
5157
{{- if .Values.controller.admissionWebhooks.certManager.issuerRef }}
5258
{{- toYaml .Values.controller.admissionWebhooks.certManager.issuerRef | nindent 4 }}
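
Review bot: The `gt` guard added above `issuerRef:` silently drops a negative or non-numeric `admissionCert.revisionHistoryLimit`, so a typo in the values produces a Certificate without the field and without any error at render time. Either fail the render for values below 0 (for example with `fail`) or state next to the key in values.yaml that only positive integers take effect. The root certificate guard behaves the same way.
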
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
suite: Admission Webhooks > CertManager
2+
templates:
3+
- admission-webhooks/cert-manager.yaml
4+
5+
tests:
6+
- it: should not create a Certificate if `controller.admissionWebhooks.certManager.enabled` is false
7+
set:
8+
controller.admissionWebhooks.certManager.enabled: false
9+
asserts:
10+
- hasDocuments:
11+
count: 0
12+
13+
- it: should create a Certificate if `controller.admissionWebhooks.certManager.enabled` is true
14+
set:
15+
controller.admissionWebhooks.certManager.enabled: true
16+
controller.admissionWebhooks.certManager.issuerRef: ingress-nginx-issuer
17+
asserts:
18+
- hasDocuments:
19+
count: 1
20+
- isKind:
21+
of: Certificate
22+
- equal:
23+
path: metadata.name
24+
value: RELEASE-NAME-ingress-nginx-admission
25+
26+
- it: should create a Certificate with `revisionHistoryLimit` if `controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit` is set
27+
set:
28+
controller.admissionWebhooks.certManager.enabled: true
29+
controller.admissionWebhooks.certManager.issuerRef: ingress-nginx-issuer
30+
controller.admissionWebhooks.certManager.admissionCert.revisionHistoryLimit: 3
31+
asserts:
32+
- equal:
33+
path: spec.revisionHistoryLimit
34+
value: 3
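
Review bot: The suite covers `admissionCert.revisionHistoryLimit` only. There is no case for `rootCert.revisionHistoryLimit`, and none asserting that `spec.revisionHistoryLimit` is absent at the default of `0`, which is the behaviour the template's `gt` guard was written for. Please add both. Separately, the fixtures set `issuerRef` to the plain string `ingress-nginx-issuer`, while the template renders it with `toYaml` under `issuerRef:` and the values.yaml comments show a map with `name` and `kind`; a map in the test values would match how the key is actually used.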

charts/ingress-nginx/values.yaml

Lines changed: 6 additions & 0 deletions
@@ -853,9 +853,15 @@ controller:
853853
rootCert:
854854
# default to be 5y
855855
duration: ""
856+
# -- Revision history limit of the root certificate.
857+
# Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
858+
revisionHistoryLimit: 0
856859
admissionCert:
857860
# default to be 1y
858861
duration: ""
862+
# -- Revision history limit of the webhook certificate.
863+
# Ref.: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
864+
revisionHistoryLimit: 0
859865
# issuerRef:
860866
# name: "issuer"
861867
# kind: "ClusterIssuer"
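
Review bot: The comments on the two `revisionHistoryLimit: 0` keys do not say that `0` leaves the field out of the rendered Certificate, which is what the `gt` guard in cert-manager.yaml does; a reader can easily take `0` to mean "keep no history". The neighbouring `duration` keys document their effective default ("default to be 5y", "default to be 1y"), so add a matching line to both comments, for example "Omitted from the Certificate if 0.", and carry it into the two README rows that repeat this text.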
