Integrate helm chart with Cert-Manager CA Injector
phmcder opened this issue · comments
The current Helm chart requires the passing of TLS certificate values. Then it will create the certificate secret and hard code the caCert value for the webhook.
Other helm deployments have the option of using Cert-Manager to manage the webhook certificates using the CA Injector. This automates the updating of the webhook caCert value. https://cert-manager.io/docs/concepts/ca-injector/
External-Secrets has a helm chart that supports this:
Here the cert-manager.io/inject-ca-from
annotation is being set on line 12 (https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/validatingwebhook.yaml)
Currently, I am blocked from implementing this because
- The MutatingWebhookConfiguration yaml does not allow me to add annotations in /helm/templates/webhook.yaml
- the webhooks.clientConfig.caBundle value is not optional in /helm/templates/webhook.yaml
- The creation of the webhook-cert is not optional in /helm/templates/webhook.yaml
Can Cert-Manager support be added to the Helm?
Thanks
Hi @phmcder, thanks for opening this issue. What's in the AWS load balancer controller would adapt well to our Helm chart (webhook annotation, secret/cert, and volume).
Adding cert-manager support makes sense, though the timeline to address would likely depend on demand. Happy to review a PR as well if you'd like to accelerate this.