fix(helm): rolebinding should use templated values

The ClusterRoleBinding created for the cert-manager service account did
not correctly use the templated values for the subject reference to the
service account.

Fixes #45

deploy/charts/origin-ca-issuer/README.md

@@ -69,6 +69,8 @@ The following table lists the configurable parameters of the origin-ca-issuer ch
 | `controller.affinity`                 | Node (anti-)affinity for pod assignemt                                                  | `{}`                             |
 | `controller.tolerations`              | Node tolerations for pod assignment                                                     | `{}`                             |
 | `controller.disableApprovedCheck`     | Disable waiting for CertificateRequests to be Approved before signing                   | `false`                          |
+| `cert-manager.namespace `             | Namespace where the cert-manager controller is running.                                 | `cert-manager`                   |
+| `cert-manager.serviceAccountName`     | The Service Account used by the cert-manager controller.                                | `cert-manager`                   |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
 

deploy/charts/origin-ca-issuer/templates/issuer-rolebinding.yaml

@@ -38,6 +38,6 @@ roleRef:
   name: cert-manager-controller-approve:cert-manager-k8s-cloudflare-com
 subjects:
 - kind: ServiceAccount
-  name: cert-manager
-  namespace: cert-manager
+  name: {{ template "cert-manager.serviceAccountName" . }}
+  namespace: {{ template "cert-manager.namespace" . }}
 {{- end }}

deploy/charts/origin-ca-issuer/values.yaml

@@ -91,3 +91,7 @@ controller:
   # Optional pod tolerations.
   # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
   tolerations: {}
+
+cert-manager:
+  namespace: cert-manager
+  serviceAccountName: cert-manager