chore(helm): update chart for v0.9.0

cloudflare · Jul 5, 2024 · bf9a61c · bf9a61c
1 parent 4a15e56
commit bf9a61c
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 7 deletions.
diff --git a/deploy/charts/origin-ca-issuer/Chart.yaml b/deploy/charts/origin-ca-issuer/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 type: application
 name: origin-ca-issuer
-version: 0.5.4
-appVersion: 0.8.0
+version: 0.5.5
+appVersion: 0.9.0
 description: A Helm chart for origin-ca-issuer
 home: https://github.com/cloudflare/origin-ca-issuer
 maintainers:

diff --git a/deploy/charts/origin-ca-issuer/README.md b/deploy/charts/origin-ca-issuer/README.md
@@ -12,14 +12,14 @@ origin-ca-issuer is a Kubernetes addon to automate issuance and renewals of Clou
 Before installing the chart, you must first install [cert-manager](https://cert-manager.io/docs/installation/), and the origin-ca-issuer CustomResourceDefinition resources.
 
 ```shell
-VERSION="v0.8.0"
+VERSION="v0.9.0"
 kubectl apply -f https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/${VERSION}/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
 ```
 
 To install the chart with the release name `my-release`:
 
 ``` shell
-helm install --name my-release oci://ghcr.io/cloudflare/origin-ca-issuer-charts/origin-ca-issuer --version 0.5.2
+helm install --name my-release oci://ghcr.io/cloudflare/origin-ca-issuer-charts/origin-ca-issuer --version 0.5.5
 ```
 
 In order to begin issuing certificates from the Cloudflare Origin CA you will need to set up an OriginIssuer. For more information, see the [documentation](https://github.com/cloudflare/origin-ca-issuer/blob/trunk/README.org).
@@ -34,7 +34,7 @@ helm delete my-release
 If you want to completely uninstall origin-ca-issuer from your cluster, you also need to delete the previously installed CustomResourceDefinition resources:
 
 ``` shell
-VERSION="v0.8.0"
+VERSION="v0.9.0"
 kubectl delete -f https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/${VERSION}/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
 ```
 
@@ -69,6 +69,7 @@ The following table lists the configurable parameters of the origin-ca-issuer ch
 | `controller.affinity`                 | Node (anti-)affinity for pod assignment                                                 | `{}`                                                                           |
 | `controller.tolerations`              | Node tolerations for pod assignment                                                     | `{}`                                                                           |
 | `controller.disableApprovedCheck`     | Disable waiting for CertificateRequests to be Approved before signing                   | `false`                                                                        |
+| `controller.clusterResourceNamespace` | Override the namespace used for ClusterOriginIssuer secrets                             | `""`                                                                           |
 | `controller.resources`                | The resource request and limits.                                                        | `{requests: {cpu: "1", memory: "512Mi"}, limits: {cpu: "1", memory: "512Mi"}}` |
 | `certmanager.namespace`               | Namespace where the cert-manager controller is running.                                 | `cert-manager`                                                                 |
 | `certmanager.serviceAccountName`      | The Service Account used by the cert-manager controller.                                | `cert-manager`                                                                 |

diff --git a/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml b/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml
@@ -64,10 +64,15 @@ spec:
           {{- if .Values.controller.volumeMounts }}
           volumeMounts: {{ toYaml .Values.controller.volumeMounts | nindent 12 }}
           {{- end }}
-          {{- if .Values.controller.disableApprovedCheck }}
           args:
+          {{- if .Values.controller.disableApprovedCheck }}
             - --disable-approved-check
           {{- end }}
+          {{- if .Values.controller.clusterResourceNamespace }}
+            - --cluster-resource-namespace={{ .Values.controller.clusterResourceNamespace }}
+          {{- else }}
+            - --cluster-resource-namespace=$(POD_NAMESPACE)
+          {{- end }}
           env:
             - name: POD_NAMESPACE
               valueFrom:

diff --git a/deploy/charts/origin-ca-issuer/values.yaml b/deploy/charts/origin-ca-issuer/values.yaml
@@ -18,7 +18,7 @@ global:
 controller:
   image:
     repository: cloudflare/origin-ca-issuer
-    tag: v0.8.0
+    tag: v0.9.0
     pullPolicy: Always
 
   replicaCount: 1
@@ -34,6 +34,10 @@ controller:
   # Disable waiting for CertificateRequests to be Approved before signing
   disableApprovedCheck: false
 
+  # Override the namespace used to resolve API tokens for OriginClusterIssuer resources.
+  # By default, the namespace of the controller is used.
+  clusterResourceNamespace: ""
+
   # Optional additional arguments
   extraArgs: []