kube: move cert-manager resources to kube.local.libsonnet
This way kubernetes consumers don't have to import anything from
cluster/, hopefully.
We also create a small abstraction for local additions for
kube.libsonnet without having to modify upstream.
Change-Id: I209095781f91c8867250a647fe944370cddd67d0
diff --git a/cluster/kube/lib/cert-manager.libsonnet b/cluster/kube/lib/cert-manager.libsonnet
index e9e4a4b..93b9357 100644
--- a/cluster/kube/lib/cert-manager.libsonnet
+++ b/cluster/kube/lib/cert-manager.libsonnet
@@ -501,13 +501,13 @@
},
issuers: {
- webhookSelfsign: cm.Issuer("cert-manager-webhook-selfsign") {
+ webhookSelfsign: kube.Issuer("cert-manager-webhook-selfsign") {
metadata+: env.metadata,
spec: {
selfSigned: {},
},
},
- webhookCA: cm.Issuer("cert-manager-webhook-ca") {
+ webhookCA: kube.Issuer("cert-manager-webhook-ca") {
metadata+: env.metadata,
spec: {
ca: {
@@ -517,7 +517,7 @@
},
},
certificates: {
- webhookCA: cm.Certificate("cert-manager-webhook-ca") {
+ webhookCA: kube.Certificate("cert-manager-webhook-ca") {
metadata+: env.metadata,
spec: {
secretName: "cert-manager-webhook-ca",
@@ -529,7 +529,7 @@
isCA: true,
},
},
- webhookTLS: cm.Certificate("cert-manager-webhook-webhook-tls") {
+ webhookTLS: kube.Certificate("cert-manager-webhook-webhook-tls") {
metadata+: env.metadata,
spec: {
secretName: "cert-manager-webhook-webhook-tls",
@@ -696,16 +696,4 @@
],
},
},
-
- Issuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "Issuer", name) {
- spec: error "spec must be specified",
- },
-
- ClusterIssuer(name): kube._Object("certmanager.k8s.io/v1alpha1", "ClusterIssuer", name) {
- spec: error "spec must be specified",
- },
-
- Certificate(name): kube._Object("certmanager.k8s.io/v1alpha1", "Certificate", name) {
- spec: error "spec must be specified",
- },
}