
Commit cca7e1c

author
Mladen Rusev
committed
Revert "change to CertificatePolicy in application-team-1.yaml"
This reverts commit 2c979b8.
1 parent 2c979b8 commit cca7e1c


1 file changed

+79
-19
lines changed


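--- a/hack/e2e/application-team-1.yaml
+++ b/hack/e2e/application-team-1.yaml
@@ -1,33 +1,69 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: team-1
+---
 apiVersion: policy.cert-manager.io/v1alpha1
-kind: CertificatePolicy
+kind: CertificateRequestPolicy
 metadata:
-name: allow-team-1-certs
-namespace: venafi
+name: team-1
 spec:
 allowed:
-commonNames: ["*"]
-dnsNames: ["*"]
+commonName:
+value: '*'
+dnsNames:
+values:
+- '*'
+subject:
+countries:
+values:
+- '*'
+localities:
+values:
+- '*'
+organizationalUnits:
+values:
+- '*'
+organizations:
+values:
+- '*'
+postalCodes:
+values:
+- '*'
+provinces:
+values:
+- '*'
+serialNumber:
+value: '*'
+streetAddresses:
+values:
+- '*'
 usages:
-- "digital signature"
-- "key encipherment"
-- "server auth"
-issuerSelector:
-matchNames: ["venafi-cloud"]
-namespaceSelector:
-matchNames: ["team-1"]
-
----
-apiVersion: v1
-kind: Namespace
-metadata:
-name: team-1
+- digital signature
+- key encipherment
+- server auth
+- client auth
+plugins:
+venafi:
+values:
+venafiConnectionName: venafi-components
+zone: ${VEN_ZONE}
+selector:
+issuerRef:
+group: jetstack.io
+kind: VenafiIssuer
+name: venafi-cloud
+namespace:
+matchNames:
+- team-1
 ---
 apiVersion: jetstack.io/v1alpha1
 kind: VenafiIssuer
 metadata:
 name: venafi-cloud
 namespace: team-1
 spec:
+certificateNameExpression: request.namespace + "_" + request.name
 venafiConnectionName: venafi-components
 venafiConnectionNamespace: venafi
 zone: ${VEN_ZONE}
@@ -50,4 +86,28 @@ spec:
 rotationPolicy: Always
 size: 2048
 revisionHistoryLimit: 1
-secretName: app-0
+secretName: app-0
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: cert-manager-policy:allow
+namespace: team-1
+rules:
+- apiGroups: ["policy.cert-manager.io"]
+resources: ["certificaterequestpolicies"]
+verbs: ["use"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: cert-manager-policy:allow
+namespace: team-1
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: cert-manager-policy:allow
+subjects:
+- kind: Group
+name: system:authenticated
+apiGroup: rbac.authorization.k8s.io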
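Review bot: The Role added at the end of the second hunk has no `resourceNames`, so it grants `use` on every CertificateRequestPolicy, and the RoleBinding gives that to the `system:authenticated` group. As far as these lines show, any authenticated identity that can create a CertificateRequest in team-1 is therefore bound to the policy. The policy in the first hunk allows `'*'` for commonName, dnsNames and every subject field and now also `client auth`, so the only limits visible here are the selector's issuerRef and namespace. The `hack/e2e` path suggests a test fixture where this may be deliberate. Even so I would scope the rule with `resourceNames: ["team-1"]`, add a comment above the RoleBinding such as `# e2e fixture only: wide-open policy bound to all authenticated users`, and outside tests bind to the requesting ServiceAccount instead of the group.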
