This repository was archived by the owner on Sep 26, 2022. It is now read-only.


@dannylongeuay

Notes:

  • added helm ci/cd workflow


@github-actions

********************

	Release was not present in Helm.  Diff will show entire contents as new.

********************
core, core-cert-manager, Deployment (apps) has been added:
- 
+ # Source: core/charts/cert-manager/templates/deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   name: core-cert-manager
+   namespace: "core"
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/name: cert-manager
+       app.kubernetes.io/instance: core
+       app.kubernetes.io/component: "controller"
+   template:
+     metadata:
+       labels:
+         app: cert-manager
+         app.kubernetes.io/name: cert-manager
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/component: "controller"
+         app.kubernetes.io/version: "v1.6.1"
+         app.kubernetes.io/managed-by: Helm
+         helm.sh/chart: cert-manager-v1.6.1
+       annotations:
+         prometheus.io/path: "/metrics"
+         prometheus.io/scrape: 'true'
+         prometheus.io/port: '9402'
+     spec:
+       serviceAccountName: core-cert-manager
+       securityContext:
+         runAsNonRoot: true
+       containers:
+         - name: cert-manager
+           image: "quay.io/jetstack/cert-manager-controller:v1.6.1"
+           imagePullPolicy: IfNotPresent
+           args:
+           - --v=2
+           - --cluster-resource-namespace=$(POD_NAMESPACE)
+           - --leader-election-namespace=kube-system
+           ports:
+           - containerPort: 9402
+             protocol: TCP
+           env:
+           - name: POD_NAMESPACE
+             valueFrom:
+               fieldRef:
+                 fieldPath: metadata.namespace
+           resources:
+             {}
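Review bot: The controller container is rendered with `resources: {}` and no container-level `securityContext`, so the only hardening on the pod is the pod-level `runAsNonRoot: true`. The service account this pod runs as is bound further down to ClusterRoles that read and write Secrets cluster-wide, so I would set requests and limits through the subchart values and, if this chart version exposes it, add a container securityContext with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. The same gaps appear in the cainjector Deployment and the startupapicheck Job below; the webhook Deployment is cut off in this output. The image is also referenced by tag (`cert-manager-controller:v1.6.1`) rather than by digest, so the content that runs depends on what the registry serves for that tag at pull time.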
core, core-cert-manager, Service (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   name: core-cert-manager
+   namespace: "core"
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ spec:
+   type: ClusterIP
+   ports:
+     - protocol: TCP
+       port: 9402
+       name: tcp-prometheus-servicemonitor
+       targetPort: 9402
+   selector:
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
core, core-cert-manager, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ automountServiceAccountToken: true
+ metadata:
+   name: core-cert-manager
+   namespace: "core"
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
core, core-cert-manager-cainjector, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-cainjector
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["get", "create", "update", "patch"]
+   - apiGroups: ["admissionregistration.k8s.io"]
+     resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+     verbs: ["get", "list", "watch", "update"]
+   - apiGroups: ["apiregistration.k8s.io"]
+     resources: ["apiservices"]
+     verbs: ["get", "list", "watch", "update"]
+   - apiGroups: ["apiextensions.k8s.io"]
+     resources: ["customresourcedefinitions"]
+     verbs: ["get", "list", "watch", "update"]
+   - apiGroups: ["auditregistration.k8s.io"]
+     resources: ["auditsinks"]
+     verbs: ["get", "list", "watch", "update"]
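Review bot: This ClusterRole lets the cainjector service account `get`/`list`/`watch` every Secret in the cluster and `update` all webhook configurations, APIServices and CRDs, and the binding that follows attaches it to a ServiceAccount in the `core` namespace. cert-manager is rendered here as a subchart of the `core` release, so other components presumably land in the same namespace. Any principal allowed to create workloads in `core` can select this ServiceAccount, so that namespace should be treated as cluster-admin-equivalent: keep unrelated workloads out of it, or install cert-manager into a dedicated namespace with tightly restricted pod creation. The same cluster-wide Secret access is repeated in the controller-certificates, controller-clusterissuers and controller-issuers roles (read and write) and in controller-challenges and controller-orders (read), all bound to `core-cert-manager`.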
core, core-cert-manager-cainjector, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-cainjector
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-cainjector
+ subjects:
+   - name: core-cert-manager-cainjector
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-cainjector, Deployment (apps) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   name: core-cert-manager-cainjector
+   namespace: "core"
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/name: cainjector
+       app.kubernetes.io/instance: core
+       app.kubernetes.io/component: "cainjector"
+   template:
+     metadata:
+       labels:
+         app: cainjector
+         app.kubernetes.io/name: cainjector
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/component: "cainjector"
+         app.kubernetes.io/version: "v1.6.1"
+         app.kubernetes.io/managed-by: Helm
+         helm.sh/chart: cert-manager-v1.6.1
+     spec:
+       serviceAccountName: core-cert-manager-cainjector
+       securityContext:
+         runAsNonRoot: true
+       containers:
+         - name: cert-manager
+           image: "quay.io/jetstack/cert-manager-cainjector:v1.6.1"
+           imagePullPolicy: IfNotPresent
+           args:
+           - --v=2
+           - --leader-election-namespace=kube-system
+           env:
+           - name: POD_NAMESPACE
+             valueFrom:
+               fieldRef:
+                 fieldPath: metadata.namespace
+           resources:
+             {}
core, core-cert-manager-cainjector, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ automountServiceAccountToken: true
+ metadata:
+   name: core-cert-manager-cainjector
+   namespace: "core"
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
core, core-cert-manager-controller-approve:cert-manager-io, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-approve:cert-manager-io
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cert-manager"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["signers"]
+     verbs: ["approve"]
+     resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
core, core-cert-manager-controller-approve:cert-manager-io, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-approve:cert-manager-io
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cert-manager"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-approve:cert-manager-io
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-certificates, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Certificates controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-certificates
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
+     verbs: ["update"]
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
+     verbs: ["get", "list", "watch"]
+   # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+   # admission controller enabled:
+   # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates/finalizers", "certificaterequests/finalizers"]
+     verbs: ["update"]
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["orders"]
+     verbs: ["create", "delete", "get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch", "create", "update", "delete"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
core, core-cert-manager-controller-certificates, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-certificates
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-certificates
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-certificatesigningrequests, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Permission to:
+ # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
+ # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-certificatesigningrequests
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cert-manager"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["certificates.k8s.io"]
+     resources: ["certificatesigningrequests"]
+     verbs: ["get", "list", "watch", "update"]
+   - apiGroups: ["certificates.k8s.io"]
+     resources: ["certificatesigningrequests/status"]
+     verbs: ["update"]
+   - apiGroups: ["certificates.k8s.io"]
+     resources: ["signers"]
+     resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
+     verbs: ["sign"]
+   - apiGroups: ["authorization.k8s.io"]
+     resources: ["subjectaccessreviews"]
+     verbs: ["create"]
core, core-cert-manager-controller-certificatesigningrequests, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-certificatesigningrequests
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cert-manager"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-certificatesigningrequests
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-challenges, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Challenges controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-challenges
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   # Use to update challenge resource status
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges", "challenges/status"]
+     verbs: ["update"]
+   # Used to watch challenge resources
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges"]
+     verbs: ["get", "list", "watch"]
+   # Used to watch challenges, issuer and clusterissuer resources
+   - apiGroups: ["cert-manager.io"]
+     resources: ["issuers", "clusterissuers"]
+     verbs: ["get", "list", "watch"]
+   # Need to be able to retrieve ACME account private key to complete challenges
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch"]
+   # Used to create events
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
+   # HTTP01 rules
+   - apiGroups: [""]
+     resources: ["pods", "services"]
+     verbs: ["get", "list", "watch", "create", "delete"]
+   - apiGroups: ["networking.k8s.io"]
+     resources: ["ingresses"]
+     verbs: ["get", "list", "watch", "create", "delete", "update"]
+   - apiGroups: [ "networking.x-k8s.io" ]
+     resources: [ "httproutes" ]
+     verbs: ["get", "list", "watch", "create", "delete", "update"]
+   # We require the ability to specify a custom hostname when we are creating
+   # new ingress resources.
+   # See: https://github.com/openshift/origin/blob/21f191775636f9acadb44fa42beeb4f75b255532/pkg/route/apiserver/admission/ingress_admission.go#L84-L148
+   - apiGroups: ["route.openshift.io"]
+     resources: ["routes/custom-host"]
+     verbs: ["create"]
+   # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+   # admission controller enabled:
+   # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges/finalizers"]
+     verbs: ["update"]
+   # DNS01 rules (duplicated above)
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch"]
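Review bot: The HTTP01 rules grant `create` and `delete` on `pods` and `services` in every namespace, which is the broadest workload-level grant in this role and should be recorded when auditing what the `core-cert-manager` service account can do. If this cluster only ever uses DNS01 solvers the grant is unused, although the chart may not offer a switch to drop it. The final `secrets` rule under `# DNS01 rules (duplicated above)` repeats the earlier rule verbatim and adds nothing to the effective permissions. The `route.openshift.io` and `networking.x-k8s.io` rules have no effect unless those APIs are installed.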
core, core-cert-manager-controller-challenges, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-challenges
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-challenges
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-clusterissuers, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # ClusterIssuer controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-clusterissuers
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["clusterissuers", "clusterissuers/status"]
+     verbs: ["update"]
+   - apiGroups: ["cert-manager.io"]
+     resources: ["clusterissuers"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch", "create", "update", "delete"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
core, core-cert-manager-controller-clusterissuers, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-clusterissuers
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-clusterissuers
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-ingress-shim, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # ingress-shim controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-ingress-shim
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificaterequests"]
+     verbs: ["create", "update", "delete"]
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: ["networking.k8s.io"]
+     resources: ["ingresses"]
+     verbs: ["get", "list", "watch"]
+   # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+   # admission controller enabled:
+   # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+   - apiGroups: ["networking.k8s.io"]
+     resources: ["ingresses/finalizers"]
+     verbs: ["update"]
+   - apiGroups: ["networking.x-k8s.io"]
+     resources: ["gateways", "httproutes"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: ["networking.x-k8s.io"]
+     resources: ["gateways/finalizers", "httproutes/finalizers"]
+     verbs: ["update"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
core, core-cert-manager-controller-ingress-shim, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-ingress-shim
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-ingress-shim
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-issuers, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Issuer controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-issuers
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["issuers", "issuers/status"]
+     verbs: ["update"]
+   - apiGroups: ["cert-manager.io"]
+     resources: ["issuers"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch", "create", "update", "delete"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
core, core-cert-manager-controller-issuers, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-issuers
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-issuers
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-controller-orders, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # Orders controller role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-controller-orders
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["orders", "orders/status"]
+     verbs: ["update"]
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["orders", "challenges"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: ["cert-manager.io"]
+     resources: ["clusterissuers", "issuers"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges"]
+     verbs: ["create", "delete"]
+   # We require these rules to support users with the OwnerReferencesPermissionEnforcement
+   # admission controller enabled:
+   # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["orders/finalizers"]
+     verbs: ["update"]
+   - apiGroups: [""]
+     resources: ["secrets"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: [""]
+     resources: ["events"]
+     verbs: ["create", "patch"]
core, core-cert-manager-controller-orders, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-controller-orders
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-controller-orders
+ subjects:
+   - name: core-cert-manager
+     namespace: "core"
+     kind: ServiceAccount
core, core-cert-manager-edit, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-edit
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+     rbac.authorization.k8s.io/aggregate-to-edit: "true"
+     rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificaterequests", "issuers"]
+     verbs: ["create", "delete", "deletecollection", "patch", "update"]
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges", "orders"]
+     verbs: ["create", "delete", "deletecollection", "patch", "update"]
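Review bot: The `aggregate-to-edit` and `aggregate-to-admin` labels fold these verbs into the built-in `edit` and `admin` roles, so every subject that already has `edit` in any namespace gains `create` on `certificates`, `certificaterequests` and `issuers` once this release is installed. The approve ClusterRole earlier in this output covers `issuers.cert-manager.io/*` and `clusterissuers.cert-manager.io/*`, so requests against any ClusterIssuer added later are presumably approved by the controller without a per-namespace policy. Before adding ClusterIssuers, decide whether every namespace editor should be able to obtain certificates from them, and record that decision next to the values for this chart.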
core, core-cert-manager-startupapicheck, Job (batch) has been added:
- 
+ # Source: core/charts/cert-manager/templates/startupapicheck-job.yaml
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   name: core-cert-manager-startupapicheck
+   namespace: "core"
+   labels:
+     app: startupapicheck
+     app.kubernetes.io/name: startupapicheck
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "startupapicheck"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+   annotations:
+     helm.sh/hook: post-install
+     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+     helm.sh/hook-weight: "1"
+ spec:
+   backoffLimit: 4
+   template:
+     metadata:
+       labels:
+         app: startupapicheck
+         app.kubernetes.io/name: startupapicheck
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/component: "startupapicheck"
+         app.kubernetes.io/version: "v1.6.1"
+         app.kubernetes.io/managed-by: Helm
+         helm.sh/chart: cert-manager-v1.6.1
+     spec:
+       restartPolicy: OnFailure
+       serviceAccountName: core-cert-manager-startupapicheck
+       securityContext:
+         runAsNonRoot: true
+       containers:
+         - name: cert-manager
+           image: "quay.io/jetstack/cert-manager-ctl:v1.6.1"
+           imagePullPolicy: IfNotPresent
+           args:
+           - check
+           - api
+           - --wait=1m
+           resources:
+             {}
core, core-cert-manager-startupapicheck, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/startupapicheck-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ automountServiceAccountToken: true
+ metadata:
+   name: core-cert-manager-startupapicheck
+   namespace: "core"
+   annotations:
+     helm.sh/hook: post-install
+     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+     helm.sh/hook-weight: "-5"
+   labels:
+     app: startupapicheck
+     app.kubernetes.io/name: startupapicheck
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "startupapicheck"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
core, core-cert-manager-startupapicheck:create-cert, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/startupapicheck-rbac.yaml
+ # create certificate role
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: core-cert-manager-startupapicheck:create-cert
+   namespace: "core"
+   labels:
+     app: startupapicheck
+     app.kubernetes.io/name: startupapicheck
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "startupapicheck"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+   annotations:
+     helm.sh/hook: post-install
+     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+     helm.sh/hook-weight: "-5"
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates"]
+     verbs: ["create"]
core, core-cert-manager-startupapicheck:create-cert, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/startupapicheck-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: core-cert-manager-startupapicheck:create-cert
+   namespace: "core"
+   labels:
+     app: startupapicheck
+     app.kubernetes.io/name: startupapicheck
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "startupapicheck"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+   annotations:
+     helm.sh/hook: post-install
+     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
+     helm.sh/hook-weight: "-5"
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-cert-manager-startupapicheck:create-cert
+ subjects:
+   - kind: ServiceAccount
+     name: core-cert-manager-startupapicheck
+     namespace: core
core, core-cert-manager-view, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-view
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+     rbac.authorization.k8s.io/aggregate-to-view: "true"
+     rbac.authorization.k8s.io/aggregate-to-edit: "true"
+     rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rules:
+   - apiGroups: ["cert-manager.io"]
+     resources: ["certificates", "certificaterequests", "issuers"]
+     verbs: ["get", "list", "watch"]
+   - apiGroups: ["acme.cert-manager.io"]
+     resources: ["challenges", "orders"]
+     verbs: ["get", "list", "watch"]
core, core-cert-manager-webhook, Deployment (apps) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   name: core-cert-manager-webhook
+   namespace: "core"
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/name: webhook
+       app.kubernetes.io/instance: core
+       app.kubernetes.io/component: "webhook"
+   template:
+     metadata:
+       labels:
+         app: webhook
+         app.kubernetes.io/name: webhook
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/component: "webhook"
+         app.kubernetes.io/version: "v1.6.1"
+         app.kubernetes.io/managed-by: Helm
+         helm.sh/chart: cert-manager-v1.6.1
+     spec:
+       serviceAccountName: core-cert-manager-webhook
+       securityContext:
+         runAsNonRoot: true
+       containers:
+         - name: cert-manager
+           image: "quay.io/jetstack/cert-manager-webhook:v1.6.1"
+           imagePullPolicy: IfNotPresent
+           args:
+           - --v=2
+           - --secure-port=10250
+           - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
+           - --dynamic-serving-ca-secret-name=core-cert-manager-webhook-ca
+           - --dynamic-serving-dns-names=core-cert-manager-webhook,core-cert-manager-webhook.core,core-cert-manager-webhook.core.svc
+           ports:
+           - name: https
+             protocol: TCP
+             containerPort: 10250
+           livenessProbe:
+             httpGet:
+               path: /livez
+               port: 6080
+               scheme: HTTP
+             initialDelaySeconds: 60
+             periodSeconds: 10
+             timeoutSeconds: 1
+             successThreshold: 1
+             failureThreshold: 3
+           readinessProbe:
+             httpGet:
+               path: /healthz
+               port: 6080
+               scheme: HTTP
+             initialDelaySeconds: 5
+             periodSeconds: 5
+             timeoutSeconds: 1
+             successThreshold: 1
+             failureThreshold: 3
+           env:
+           - name: POD_NAMESPACE
+             valueFrom:
+               fieldRef:
+                 fieldPath: metadata.namespace
+           resources:
+             {}
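Review bot: The `cert-manager` container in this webhook Deployment has no container-level `securityContext`, and `resources: {}` leaves it without requests or limits; only the pod-level `runAsNonRoot: true` is set. The external-dns Deployment later in this diff shows the tighter shape (`capabilities.drop: [ALL]`, `runAsUser` set). This pod backs the two webhook configurations registered with `failurePolicy: Fail`, and `replicas: 1` means an eviction or OOM kill blocks every CREATE/UPDATE on cert-manager resources until it returns. I would set `allowPrivilegeEscalation: false`, `capabilities: {drop: [ALL]}` and explicit resource requests on this container through the chart values, not by editing the rendered manifest.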
core, core-cert-manager-webhook, MutatingWebhookConfiguration (admissionregistration.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-mutating-webhook.yaml
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: MutatingWebhookConfiguration
+ metadata:
+   name: core-cert-manager-webhook
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+   annotations:
+     cert-manager.io/inject-ca-from-secret: "core/core-cert-manager-webhook-ca"
+ webhooks:
+   - name: webhook.cert-manager.io
+     rules:
+       - apiGroups:
+           - "cert-manager.io"
+           - "acme.cert-manager.io"
+         apiVersions:
+           - "v1"
+         operations:
+           - CREATE
+           - UPDATE
+         resources:
+           - "*/*"
+     # We don't actually support `v1beta1` but is listed here as it is a
+     # required value for
+     # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025).
+     # The API server reads the supported versions in order, so _should always_
+     # attempt a `v1` request which is understood by the cert-manager webhook.
+     # Any `v1beta1` request will return an error and fail closed for that
+     # resource (the whole object request is rejected). When we no longer
+     # support v1.16 we can remove `v1beta1` from this list.
+     admissionReviewVersions: ["v1", "v1beta1"]
+     # This webhook only accepts v1 cert-manager resources.
+     # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
+     # this webhook (after the resources have been converted to v1).
+     matchPolicy: Equivalent
+     timeoutSeconds: 10
+     failurePolicy: Fail
+     # Only include 'sideEffects' field in Kubernetes 1.12+
+     sideEffects: None
+     clientConfig:
+       service:
+         name: core-cert-manager-webhook
+         namespace: "core"
+         path: /mutate
core, core-cert-manager-webhook, Service (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   name: core-cert-manager-webhook
+   namespace: "core"
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ spec:
+   type: ClusterIP
+   ports:
+   - name: https
+     port: 443
+     protocol: TCP
+     targetPort: 10250
+   selector:
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
core, core-cert-manager-webhook, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ automountServiceAccountToken: true
+ metadata:
+   name: core-cert-manager-webhook
+   namespace: "core"
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
core, core-cert-manager-webhook, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-validating-webhook.yaml
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+   name: core-cert-manager-webhook
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+   annotations:
+     cert-manager.io/inject-ca-from-secret: "core/core-cert-manager-webhook-ca"
+ webhooks:
+   - name: webhook.cert-manager.io
+     namespaceSelector:
+       matchExpressions:
+       - key: "cert-manager.io/disable-validation"
+         operator: "NotIn"
+         values:
+         - "true"
+       - key: "name"
+         operator: "NotIn"
+         values:
+         - core
+     rules:
+       - apiGroups:
+           - "cert-manager.io"
+           - "acme.cert-manager.io"
+         apiVersions:
+           - "v1"
+         operations:
+           - CREATE
+           - UPDATE
+         resources:
+           - "*/*"
+     # We don't actually support `v1beta1` but is listed here as it is a
+     # required value for
+     # [Kubernetes v1.16](https://github.com/kubernetes/kubernetes/issues/82025).
+     # The API server reads the supported versions in order, so _should always_
+     # attempt a `v1` request which is understood by the cert-manager webhook.
+     # Any `v1beta1` request will return an error and fail closed for that
+     # resource (the whole object request is rejected). When we no longer
+     # support v1.16 we can remove `v1beta1` from this list.
+     admissionReviewVersions: ["v1", "v1beta1"]
+     # This webhook only accepts v1 cert-manager resources.
+     # Equivalent matchPolicy ensures that non-v1 resource requests are sent to
+     # this webhook (after the resources have been converted to v1).
+     matchPolicy: Equivalent
+     timeoutSeconds: 10
+     failurePolicy: Fail
+     sideEffects: None
+     clientConfig:
+       service:
+         name: core-cert-manager-webhook
+         namespace: "core"
+         path: /validate
core, core-cert-manager-webhook:dynamic-serving, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: core-cert-manager-webhook:dynamic-serving
+   namespace: "core"
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+ - apiGroups: [""]
+   resources: ["secrets"]
+   resourceNames:
+   - 'core-cert-manager-webhook-ca'
+   verbs: ["get", "list", "watch", "update"]
+ # It's not possible to grant CREATE permission on a single resourceName.
+ - apiGroups: [""]
+   resources: ["secrets"]
+   verbs: ["create"]
core, core-cert-manager-webhook:dynamic-serving, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: core-cert-manager-webhook:dynamic-serving
+   namespace: "core"
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-cert-manager-webhook:dynamic-serving
+ subjects:
+ - apiGroup: ""
+   kind: ServiceAccount
+   name: core-cert-manager-webhook
+   namespace: core
core, core-cert-manager-webhook:subjectaccessreviews, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-cert-manager-webhook:subjectaccessreviews
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+ - apiGroups: ["authorization.k8s.io"]
+   resources: ["subjectaccessreviews"]
+   verbs: ["create"]
core, core-cert-manager-webhook:subjectaccessreviews, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/webhook-rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-cert-manager-webhook:subjectaccessreviews
+   labels:
+     app: webhook
+     app.kubernetes.io/name: webhook
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "webhook"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-cert-manager-webhook:subjectaccessreviews
+ subjects:
+ - apiGroup: ""
+   kind: ServiceAccount
+   name: core-cert-manager-webhook
+   namespace: core
core, core-external-dns, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/external-dns/templates/clusterrole.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-external-dns
+   labels:
+     helm.sh/chart: external-dns-1.6.0
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "0.10.1"
+     app.kubernetes.io/managed-by: Helm
+ rules:
+   - apiGroups: [""]
+     resources: ["nodes"]
+     verbs: ["list","watch"]
+   - apiGroups: [""]
+     resources: ["pods"]
+     verbs: ["get","watch","list"]
+   - apiGroups: [""]
+     resources: ["services","endpoints"]
+     verbs: ["get","watch","list"]
+   - apiGroups: ["extensions","networking.k8s.io"]
+     resources: ["ingresses"]
+     verbs: ["get","watch","list"]
core, core-external-dns, Deployment (apps) has been added:
- 
+ # Source: core/charts/external-dns/templates/deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   name: core-external-dns
+   labels:
+     helm.sh/chart: external-dns-1.6.0
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "0.10.1"
+     app.kubernetes.io/managed-by: Helm
+ spec:
+   replicas: 1
+   selector:
+     matchLabels:
+       app.kubernetes.io/name: external-dns
+       app.kubernetes.io/instance: core
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/name: external-dns
+         app.kubernetes.io/instance: core
+     spec:
+       serviceAccountName: core-external-dns
+       securityContext:
+         fsGroup: 65534
+       containers:
+         - name: external-dns
+           securityContext:
+             capabilities:
+               drop:
+               - ALL
+             readOnlyRootFilesystem: true
+             runAsNonRoot: true
+             runAsUser: 65534
+           image: k8s.gcr.io/external-dns/external-dns:v0.10.1
+           imagePullPolicy: IfNotPresent
+           args:
+             - --log-level=info
+             - --log-format=text
+             - --interval=1m
+             - --source=service
+             - --source=ingress
+             - --policy=sync
+             - --registry=txt
+             - --provider=digitalocean
+           ports:
+             - name: http
+               protocol: TCP
+               containerPort: 7979
+           livenessProbe:
+             failureThreshold: 2
+             httpGet:
+               path: /healthz
+               port: http
+             initialDelaySeconds: 10
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 5
+           readinessProbe:
+             failureThreshold: 6
+             httpGet:
+               path: /healthz
+               port: http
+             initialDelaySeconds: 5
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 5
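Review bot: `--policy=sync` lets external-dns delete DNS records it owns as well as create them, and the args list has no `--domain-filter` and no `--txt-owner-id`. Without them the controller manages every zone the DigitalOcean credential can reach, and it writes its TXT ownership records under the default owner id, which another external-dns instance on the same account would share. I would add `--domain-filter=<your-zone>` and `--txt-owner-id=<cluster-id>` (placeholders) through the chart values, or start with `--policy=upsert-only` until the managed record set is known. The container also has no `env:` entry, so the provider token is presumably supplied elsewhere; confirm it comes from a Secret reference and not a plain value.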
core, core-external-dns, Service (v1) has been added:
- 
+ # Source: core/charts/external-dns/templates/service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   name: core-external-dns
+   labels:
+     helm.sh/chart: external-dns-1.6.0
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "0.10.1"
+     app.kubernetes.io/managed-by: Helm
+ spec:
+   type: ClusterIP
+   selector:
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+   ports:
+     - name: http
+       port: 7979
+       targetPort: http
+       protocol: TCP
core, core-external-dns, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/external-dns/templates/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: core-external-dns
+   labels:
+     helm.sh/chart: external-dns-1.6.0
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "0.10.1"
+     app.kubernetes.io/managed-by: Helm
core, core-external-dns-viewer, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/external-dns/templates/clusterrolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name: core-external-dns-viewer
+   labels:
+     helm.sh/chart: external-dns-1.6.0
+     app.kubernetes.io/name: external-dns
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "0.10.1"
+     app.kubernetes.io/managed-by: Helm
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-external-dns
+ subjects:
+   - kind: ServiceAccount
+     name: core-external-dns
+     namespace: core
core, core-ingress-nginx, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/clusterrole.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+   name: core-ingress-nginx
+ rules:
+   - apiGroups:
+       - ""
+     resources:
+       - configmaps
+       - endpoints
+       - nodes
+       - pods
+       - secrets
+     verbs:
+       - list
+       - watch
+   - apiGroups:
+       - ""
+     resources:
+       - nodes
+     verbs:
+       - get
+   - apiGroups:
+       - ""
+     resources:
+       - services
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingresses
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - ""
+     resources:
+       - events
+     verbs:
+       - create
+       - patch
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingresses/status
+     verbs:
+       - update
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingressclasses
+     verbs:
+       - get
+       - list
+       - watch
core, core-ingress-nginx, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/clusterrolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+   name: core-ingress-nginx
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-ingress-nginx
+ subjects:
+   - kind: ServiceAccount
+     name: core-ingress-nginx
+     namespace: "core"
core, core-ingress-nginx, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-role.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx
+   namespace: core
+ rules:
+   - apiGroups:
+       - ""
+     resources:
+       - namespaces
+     verbs:
+       - get
+   - apiGroups:
+       - ""
+     resources:
+       - configmaps
+       - pods
+       - secrets
+       - endpoints
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - ""
+     resources:
+       - services
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingresses
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingresses/status
+     verbs:
+       - update
+   - apiGroups:
+       - networking.k8s.io
+     resources:
+       - ingressclasses
+     verbs:
+       - get
+       - list
+       - watch
+   - apiGroups:
+       - ""
+     resources:
+       - configmaps
+     resourceNames:
+       - ingress-controller-leader
+     verbs:
+       - get
+       - update
+   - apiGroups:
+       - ""
+     resources:
+       - configmaps
+     verbs:
+       - create
+   - apiGroups:
+       - ""
+     resources:
+       - events
+     verbs:
+       - create
+       - patch
core, core-ingress-nginx, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-rolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx
+   namespace: core
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-ingress-nginx
+ subjects:
+   - kind: ServiceAccount
+     name: core-ingress-nginx
+     namespace: "core"
core, core-ingress-nginx, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx
+   namespace: core
+ automountServiceAccountToken: true
core, core-ingress-nginx-admission, ClusterRole (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+   name: core-ingress-nginx-admission
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ rules:
+   - apiGroups:
+       - admissionregistration.k8s.io
+     resources:
+       - validatingwebhookconfigurations
+     verbs:
+       - get
+       - update
core, core-ingress-nginx-admission, ClusterRoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+   name:  core-ingress-nginx-admission
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: ClusterRole
+   name: core-ingress-nginx-admission
+ subjects:
+   - kind: ServiceAccount
+     name: core-ingress-nginx-admission
+     namespace: "core"
core, core-ingress-nginx-admission, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name:  core-ingress-nginx-admission
+   namespace: core
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ rules:
+   - apiGroups:
+       - ""
+     resources:
+       - secrets
+     verbs:
+       - get
+       - create
core, core-ingress-nginx-admission, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: core-ingress-nginx-admission
+   namespace: core
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-ingress-nginx-admission
+ subjects:
+   - kind: ServiceAccount
+     name: core-ingress-nginx-admission
+     namespace: "core"
core, core-ingress-nginx-admission, ServiceAccount (v1) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: core-ingress-nginx-admission
+   namespace: core
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
core, core-ingress-nginx-admission, ValidatingWebhookConfiguration (admissionregistration.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
+ # before changing this value, check the required kubernetes version
+ # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
+ apiVersion: admissionregistration.k8s.io/v1
+ kind: ValidatingWebhookConfiguration
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+   name: core-ingress-nginx-admission
+ webhooks:
+   - name: validate.nginx.ingress.kubernetes.io
+     matchPolicy: Equivalent
+     rules:
+       - apiGroups:
+           - networking.k8s.io
+         apiVersions:
+           - v1
+         operations:
+           - CREATE
+           - UPDATE
+         resources:
+           - ingresses
+     failurePolicy: Fail
+     sideEffects: None
+     admissionReviewVersions:
+       - v1
+     clientConfig:
+       service:
+         namespace: "core"
+         name: core-ingress-nginx-controller-admission
+         path: /networking/v1/ingresses
core, core-ingress-nginx-admission-create, Job (batch) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   name: core-ingress-nginx-admission-create
+   namespace: core
+   annotations:
+     "helm.sh/hook": pre-install,pre-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ spec:
+   template:
+     metadata:
+       name: core-ingress-nginx-admission-create
+       labels:
+         helm.sh/chart: ingress-nginx-4.0.6
+         app.kubernetes.io/name: ingress-nginx
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/version: "1.0.4"
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/component: admission-webhook
+     spec:
+       containers:
+         - name: create
+           image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"
+           imagePullPolicy: IfNotPresent
+           args:
+             - create
+             - --host=core-ingress-nginx-controller-admission,core-ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
+             - --namespace=$(POD_NAMESPACE)
+             - --secret-name=core-ingress-nginx-admission
+           env:
+             - name: POD_NAMESPACE
+               valueFrom:
+                 fieldRef:
+                   fieldPath: metadata.namespace
+       restartPolicy: OnFailure
+       serviceAccountName: core-ingress-nginx-admission
+       nodeSelector: 
+         kubernetes.io/os: linux
+       securityContext:
+         runAsNonRoot: true
+         runAsUser: 2000
core, core-ingress-nginx-admission-patch, Job (batch) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   name: core-ingress-nginx-admission-patch
+   namespace: core
+   annotations:
+     "helm.sh/hook": post-install,post-upgrade
+     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: admission-webhook
+ spec:
+   template:
+     metadata:
+       name: core-ingress-nginx-admission-patch
+       labels:
+         helm.sh/chart: ingress-nginx-4.0.6
+         app.kubernetes.io/name: ingress-nginx
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/version: "1.0.4"
+         app.kubernetes.io/managed-by: Helm
+         app.kubernetes.io/component: admission-webhook
+     spec:
+       containers:
+         - name: patch
+           image: "k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660"
+           imagePullPolicy: IfNotPresent
+           args:
+             - patch
+             - --webhook-name=core-ingress-nginx-admission
+             - --namespace=$(POD_NAMESPACE)
+             - --patch-mutating=false
+             - --secret-name=core-ingress-nginx-admission
+             - --patch-failure-policy=Fail
+           env:
+             - name: POD_NAMESPACE
+               valueFrom:
+                 fieldRef:
+                   fieldPath: metadata.namespace
+       restartPolicy: OnFailure
+       serviceAccountName: core-ingress-nginx-admission
+       nodeSelector: 
+         kubernetes.io/os: linux
+       securityContext:
+         runAsNonRoot: true
+         runAsUser: 2000
core, core-ingress-nginx-controller, ConfigMap (v1) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-configmap.yaml
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx-controller
+   namespace: core
+ data:
+   allow-snippet-annotations: "true"
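Review bot: `allow-snippet-annotations: "true"` in the controller ConfigMap means any account allowed to create or edit an Ingress can add raw NGINX configuration through the snippet annotations. That configuration runs inside the controller, with whatever access the controller's ServiceAccount has (typically including read access to Secrets). Unless snippets are actually used, I would set `controller.allowSnippetAnnotations: false` in the chart values so this renders as `allow-snippet-annotations: "false"`. If they are needed, restrict Ingress write access with RBAC and record the reason in a comment next to the value.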
core, core-ingress-nginx-controller, Deployment (apps) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-deployment.yaml
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx-controller
+   namespace: core
+ spec:
+   selector:
+     matchLabels:
+       app.kubernetes.io/name: ingress-nginx
+       app.kubernetes.io/instance: core
+       app.kubernetes.io/component: controller
+   replicas: 1
+   revisionHistoryLimit: 10
+   minReadySeconds: 0
+   template:
+     metadata:
+       labels:
+         app.kubernetes.io/name: ingress-nginx
+         app.kubernetes.io/instance: core
+         app.kubernetes.io/component: controller
+     spec:
+       dnsPolicy: ClusterFirst
+       containers:
+         - name: controller
+           image: "k8s.gcr.io/ingress-nginx/controller:v1.0.4@sha256:545cff00370f28363dad31e3b59a94ba377854d3a11f18988f5f9e56841ef9ef"
+           imagePullPolicy: IfNotPresent
+           lifecycle: 
+             preStop:
+               exec:
+                 command:
+                 - /wait-shutdown
+           args:
+             - /nginx-ingress-controller
+             - --publish-service=$(POD_NAMESPACE)/core-ingress-nginx-controller
+             - --election-id=ingress-controller-leader
+             - --controller-class=k8s.io/ingress-nginx
+             - --configmap=$(POD_NAMESPACE)/core-ingress-nginx-controller
+             - --validating-webhook=:8443
+             - --validating-webhook-certificate=/usr/local/certificates/cert
+             - --validating-webhook-key=/usr/local/certificates/key
+           securityContext:
+             capabilities:
+                 drop:
+                 - ALL
+                 add:
+                 - NET_BIND_SERVICE
+             runAsUser: 101
+             allowPrivilegeEscalation: true
+           env:
+             - name: POD_NAME
+               valueFrom:
+                 fieldRef:
+                   fieldPath: metadata.name
+             - name: POD_NAMESPACE
+               valueFrom:
+                 fieldRef:
+                   fieldPath: metadata.namespace
+             - name: LD_PRELOAD
+               value: /usr/local/lib/libmimalloc.so
+           livenessProbe: 
+             failureThreshold: 5
+             httpGet:
+               path: /healthz
+               port: 10254
+               scheme: HTTP
+             initialDelaySeconds: 10
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+           readinessProbe: 
+             failureThreshold: 3
+             httpGet:
+               path: /healthz
+               port: 10254
+               scheme: HTTP
+             initialDelaySeconds: 10
+             periodSeconds: 10
+             successThreshold: 1
+             timeoutSeconds: 1
+           ports:
+             - name: http
+               containerPort: 80
+               protocol: TCP
+             - name: https
+               containerPort: 443
+               protocol: TCP
+             - name: webhook
+               containerPort: 8443
+               protocol: TCP
+           volumeMounts:
+             - name: webhook-cert
+               mountPath: /usr/local/certificates/
+               readOnly: true
+           resources: 
+             requests:
+               cpu: 100m
+               memory: 90Mi
+       nodeSelector: 
+         kubernetes.io/os: linux
+       serviceAccountName: core-ingress-nginx
+       terminationGracePeriodSeconds: 300
+       volumes:
+         - name: webhook-cert
+           secret:
+             secretName: core-ingress-nginx-admission
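Review bot: The controller container's `securityContext` renders `allowPrivilegeEscalation: true`, and neither it nor the pod spec sets `runAsNonRoot`, unlike the admission Jobs in this same diff. This looks like the chart default (the controller binds ports 80 and 443 as UID 101 with only `NET_BIND_SERVICE` added), so it may have to stay, but the exception should be noted in the values file. I would add `runAsNonRoot: true` at the pod level so that an image which later defaults to root is rejected at admission. The `resources` block also has `requests` only; a memory entry under `limits` would bound this internet-facing pod.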
core, core-ingress-nginx-controller, Service (v1) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-service.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   annotations:
+     external-dns.alpha.kubernetes.io/hostname: "ndsquared.net"
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx-controller
+   namespace: core
+ spec:
+   type: LoadBalancer
+   ipFamilyPolicy: SingleStack
+   ipFamilies: 
+     - IPv4
+   ports:
+     - name: http
+       port: 80
+       protocol: TCP
+       targetPort: http
+       appProtocol: http
+     - name: https
+       port: 443
+       protocol: TCP
+       targetPort: https
+       appProtocol: https
+   selector:
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: controller
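Review bot: The `LoadBalancer` Service leaves `externalTrafficPolicy` unset, so it defaults to `Cluster` and traffic may be source-NATed before it reaches the controller. Access logs and any IP allow-list annotations would then see a node address instead of the client address, which weakens both detection and incident reconstruction. If the provider's load balancer supports it, I would set `controller.service.externalTrafficPolicy: Local` in the values. There is also no `loadBalancerSourceRanges`, which is expected for a public ingress but worth stating in a comment.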
core, core-ingress-nginx-controller-admission, Service (v1) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-service-webhook.yaml
+ apiVersion: v1
+ kind: Service
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: core-ingress-nginx-controller-admission
+   namespace: core
+ spec:
+   type: ClusterIP
+   ports:
+     - name: https-webhook
+       port: 443
+       targetPort: webhook
+       appProtocol: https
+   selector:
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: controller
core, letsencrypt-prod, ClusterIssuer (cert-manager.io) has been added:
- 
+ # Source: core/templates/cert_issuer.yaml
+ apiVersion: cert-manager.io/v1
+ kind: ClusterIssuer
+ metadata:
+   name: letsencrypt-prod
+ spec:
+   acme:
+     email: [email protected]
+     server: https://acme-v02.api.letsencrypt.org/directory
+     privateKeySecretRef:
+       name: letsencrypt-prod-private-key
+     solvers:
+       - http01:
+           ingress:
+             class: nginx
core, nginx, IngressClass (networking.k8s.io) has been added:
- 
+ # Source: core/charts/ingress-nginx/templates/controller-ingressclass.yaml
+ # We don't support namespaced ingressClass yet
+ # So a ClusterRole and a ClusterRoleBinding is required
+ apiVersion: networking.k8s.io/v1
+ kind: IngressClass
+ metadata:
+   labels:
+     helm.sh/chart: ingress-nginx-4.0.6
+     app.kubernetes.io/name: ingress-nginx
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/version: "1.0.4"
+     app.kubernetes.io/managed-by: Helm
+     app.kubernetes.io/component: controller
+   name: nginx
+ spec:
+   controller: k8s.io/ingress-nginx
kube-system, core-cert-manager-cainjector:leaderelection, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-rbac.yaml
+ # leader election rules
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: core-cert-manager-cainjector:leaderelection
+   namespace: kube-system
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   # Used for leader election by the controller
+   # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller
+   #   see cmd/cainjector/start.go#L113
+   # cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
+   #   see cmd/cainjector/start.go#L137
+   # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+   - apiGroups: [""]
+     resources: ["configmaps"]
+     resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
+     verbs: ["get", "update", "patch"]
+   - apiGroups: [""]
+     resources: ["configmaps"]
+     verbs: ["create"]
+   - apiGroups: ["coordination.k8s.io"]
+     resources: ["leases"]
+     resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
+     verbs: ["get", "update", "patch"]
+   - apiGroups: ["coordination.k8s.io"]
+     resources: ["leases"]
+     verbs: ["create"]
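Review bot: This Role and the three objects after it (the cainjector RoleBinding, then the `core-cert-manager:leaderelection` Role and RoleBinding) are created in `kube-system` and bound to ServiceAccounts from `core`. The `create` rules on `configmaps` and `leases` carry no `resourceNames` (RBAC cannot restrict `create` by name), so both ServiceAccounts can create arbitrary ConfigMaps and Leases in `kube-system`. Setting `global.leaderElection.namespace: core` in the cert-manager values would keep the leader-election objects and this RBAC inside the release namespace.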
kube-system, core-cert-manager-cainjector:leaderelection, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/cainjector-rbac.yaml
+ # grant cert-manager permission to manage the leaderelection configmap in the
+ # leader election namespace
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: core-cert-manager-cainjector:leaderelection
+   namespace: kube-system
+   labels:
+     app: cainjector
+     app.kubernetes.io/name: cainjector
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "cainjector"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-cert-manager-cainjector:leaderelection
+ subjects:
+   - kind: ServiceAccount
+     name: core-cert-manager-cainjector
+     namespace: core
kube-system, core-cert-manager:leaderelection, Role (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: Role
+ metadata:
+   name: core-cert-manager:leaderelection
+   namespace: kube-system
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ rules:
+   # Used for leader election by the controller
+   # See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
+   - apiGroups: [""]
+     resources: ["configmaps"]
+     resourceNames: ["cert-manager-controller"]
+     verbs: ["get", "update", "patch"]
+   - apiGroups: [""]
+     resources: ["configmaps"]
+     verbs: ["create"]
+   - apiGroups: ["coordination.k8s.io"]
+     resources: ["leases"]
+     resourceNames: ["cert-manager-controller"]
+     verbs: ["get", "update", "patch"]
+   - apiGroups: ["coordination.k8s.io"]
+     resources: ["leases"]
+     verbs: ["create"]
kube-system, core-cert-manager:leaderelection, RoleBinding (rbac.authorization.k8s.io) has been added:
- 
+ # Source: core/charts/cert-manager/templates/rbac.yaml
+ # grant cert-manager permission to manage the leaderelection configmap in the
+ # leader election namespace
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: RoleBinding
+ metadata:
+   name: core-cert-manager:leaderelection
+   namespace: kube-system
+   labels:
+     app: cert-manager
+     app.kubernetes.io/name: cert-manager
+     app.kubernetes.io/instance: core
+     app.kubernetes.io/component: "controller"
+     app.kubernetes.io/version: "v1.6.1"
+     app.kubernetes.io/managed-by: Helm
+     helm.sh/chart: cert-manager-v1.6.1
+ roleRef:
+   apiGroup: rbac.authorization.k8s.io
+   kind: Role
+   name: core-cert-manager:leaderelection
+ subjects:
+   - apiGroup: ""
+     kind: ServiceAccount
+     name: core-cert-manager
+     namespace: core

@dannylongeuay dannylongeuay merged commit c7946b0 into main Nov 20, 2021
@dannylongeuay dannylongeuay deleted the feat-helm-ci-cd-workflow branch November 20, 2021 06:20