change to CertificatePolicy in application-team-1.yaml

Mladen Rusev · Mladen Rusev · commit 2c979b8ae492 · 2025-09-15T18:24:51.000+03:00
diff --git a/hack/e2e/application-team-1.yaml b/hack/e2e/application-team-1.yaml
@@ -1,69 +1,33 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: team-1
----
 apiVersion: policy.cert-manager.io/v1alpha1
-kind: CertificateRequestPolicy
+kind: CertificatePolicy
 metadata:
-  name: team-1
+  name: allow-team-1-certs
+  namespace: venafi
 spec:
   allowed:
-    commonName:
-      value: '*'
-    dnsNames:
-      values:
-      - '*'
-    subject:
-      countries:
-        values:
-        - '*'
-      localities:
-        values:
-        - '*'
-      organizationalUnits:
-        values:
-        - '*'
-      organizations:
-        values:
-        - '*'
-      postalCodes:
-        values:
-        - '*'
-      provinces:
-        values:
-        - '*'
-      serialNumber:
-        value: '*'
-      streetAddresses:
-        values:
-        - '*'
+    commonNames: ["*"]
+    dnsNames: ["*"]
     usages:
-    - digital signature
-    - key encipherment
-    - server auth
-    - client auth
-  plugins:
-    venafi:
-      values:
-        venafiConnectionName: venafi-components
-        zone: ${VEN_ZONE}
-  selector:
-    issuerRef:
-      group: jetstack.io
-      kind: VenafiIssuer
-      name: venafi-cloud
-    namespace:
-      matchNames:
-      - team-1
+      - "digital signature"
+      - "key encipherment"
+      - "server auth"
+  issuerSelector:
+    matchNames: ["venafi-cloud"]
+  namespaceSelector:
+    matchNames: ["team-1"]
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: team-1
 ---
 apiVersion: jetstack.io/v1alpha1
 kind: VenafiIssuer
 metadata:
   name: venafi-cloud
   namespace: team-1
 spec:
-  certificateNameExpression: request.namespace + "_" + request.name
   venafiConnectionName: venafi-components
   venafiConnectionNamespace: venafi
   zone: ${VEN_ZONE}
@@ -86,28 +50,4 @@ spec:
     rotationPolicy: Always
     size: 2048
   revisionHistoryLimit: 1
-  secretName: app-0
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cert-manager-policy:allow
-  namespace: team-1
-rules:
-  - apiGroups: ["policy.cert-manager.io"]
-    resources: ["certificaterequestpolicies"]
-    verbs: ["use"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cert-manager-policy:allow
-  namespace: team-1
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-manager-policy:allow
-subjects:
-- kind: Group
-  name: system:authenticated
-  apiGroup: rbac.authorization.k8s.io
+  secretName: app-0
