add ovh

2026-01-21 01:13:11 +01:00
parent 9f3388ee03
commit 7d9336834e
13 changed files with 496 additions and 10 deletions
--- a/helm/cert-manager-webhook-ovh/ops/templates/deployment.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cert-manager-webhook-ovh
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: cert-manager-webhook-ovh
+    app.kubernetes.io/name: cert-manager-webhook-ovh
+    app.kubernetes.io/component: webhook
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: cert-manager-webhook-ovh
+  template:
+    metadata:
+      labels:
+        app: cert-manager-webhook-ovh
+        app.kubernetes.io/name: cert-manager-webhook-ovh
+        app.kubernetes.io/component: webhook
+    spec:
+      serviceAccountName: cert-manager-webhook-ovh
+      containers:
+      - name: webhook
+        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        args:
+        - --v=2
+        - --group-name={{ .Values.groupName }}
+        - --secure-port=10250
+        ports:
+        - name: https
+          containerPort: 10250
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 6080
+            scheme: HTTP
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 6080
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          timeoutSeconds: 1
+          successThreshold: 1
+          failureThreshold: 3
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+      nodeSelector:
+        {{- toYaml .Values.nodeSelector | nindent 8 }}
+      tolerations:
+        {{- toYaml .Values.tolerations | nindent 8 }}
+      affinity:
+        {{- toYaml .Values.affinity | nindent 8 }}
+
--- a/helm/cert-manager-webhook-ovh/ops/templates/mutating-webhook.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/mutating-webhook.yaml
@@ -0,0 +1,31 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: cert-manager-webhook-ovh
+  labels:
+    app: cert-manager-webhook-ovh
+    app.kubernetes.io/name: cert-manager-webhook-ovh
+webhooks:
+- name: webhook.cert-manager.io
+  admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: cert-manager-webhook-ovh
+      namespace: {{ .Values.namespace }}
+      path: "/mutate"
+  failurePolicy: Fail
+  sideEffects: None
+  rules:
+  - apiGroups:
+    - cert-manager.io
+    - acme.cert-manager.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - "*/*"
+
--- a/helm/cert-manager-webhook-ovh/ops/templates/rbac.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/rbac.yaml
@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cert-manager-webhook-ovh:webhook-requester
+  labels:
+    app: cert-manager-webhook-ovh
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cert-manager-webhook-ovh:webhook-requester
+  labels:
+    app: cert-manager-webhook-ovh
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cert-manager-webhook-ovh:webhook-requester
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: cert-manager-webhook-ovh
+  namespace: {{ .Values.namespace }}
+
--- a/helm/cert-manager-webhook-ovh/ops/templates/service.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: cert-manager-webhook-ovh
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: cert-manager-webhook-ovh
+    app.kubernetes.io/name: cert-manager-webhook-ovh
+    app.kubernetes.io/component: webhook
+spec:
+  type: ClusterIP
+  ports:
+  - name: https
+    port: 443
+    targetPort: 10250
+    protocol: TCP
+  selector:
+    app: cert-manager-webhook-ovh
+
--- a/helm/cert-manager-webhook-ovh/ops/templates/serviceaccount.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/serviceaccount.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cert-manager-webhook-ovh
+  namespace: {{ .Values.namespace }}
+  labels:
+    app: cert-manager-webhook-ovh
+    app.kubernetes.io/name: cert-manager-webhook-ovh
+
--- a/helm/cert-manager-webhook-ovh/ops/templates/validating-webhook.yaml
+++ b/helm/cert-manager-webhook-ovh/ops/templates/validating-webhook.yaml
@@ -0,0 +1,31 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: cert-manager-webhook-ovh
+  labels:
+    app: cert-manager-webhook-ovh
+    app.kubernetes.io/name: cert-manager-webhook-ovh
+webhooks:
+- name: webhook.cert-manager.io
+  admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: cert-manager-webhook-ovh
+      namespace: {{ .Values.namespace }}
+      path: "/validate"
+  failurePolicy: Fail
+  sideEffects: None
+  rules:
+  - apiGroups:
+    - cert-manager.io
+    - acme.cert-manager.io
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - "*/*"
+