kube: move cert-manager resources to kube.local.libsonnet
This way kubernetes consumers don't have to import anything from
cluster/, hopefully.
We also create a small abstraction for local additions for
kube.libsonnet without having to modify upstream.
Change-Id: I209095781f91c8867250a647fe944370cddd67d0
diff --git a/cluster/kube/lib/cockroachdb.libsonnet b/cluster/kube/lib/cockroachdb.libsonnet
index 212104d..0b58180 100644
--- a/cluster/kube/lib/cockroachdb.libsonnet
+++ b/cluster/kube/lib/cockroachdb.libsonnet
@@ -35,7 +35,6 @@
local kube = import "../../../kube/kube.libsonnet";
-local cm = import "cert-manager.libsonnet";
local policies = import "../../../kube/policies.libsonnet";
{
@@ -76,14 +75,14 @@
name(suffix):: if cluster.cfg.ownNamespace then suffix else name + "-" + suffix,
pki: {
- selfSignedIssuer: cm.Issuer(cluster.name("selfsigned")) {
+ selfSignedIssuer: kube.Issuer(cluster.name("selfsigned")) {
metadata+: cluster.metadata,
spec: {
selfSigned: {},
},
},
- selfSignedKeypair: cm.Certificate(cluster.name("cluster-ca")) {
+ selfSignedKeypair: kube.Certificate(cluster.name("cluster-ca")) {
metadata+: cluster.metadata,
spec: {
secretName: cluster.name("cluster-ca"),
@@ -96,7 +95,7 @@
},
},
- clusterIssuer: cm.Issuer(cluster.name("cluster-ca")) {
+ clusterIssuer: kube.Issuer(cluster.name("cluster-ca")) {
metadata+: cluster.metadata,
spec: {
ca: {
@@ -105,7 +104,7 @@
},
},
- nodeCertificate: cm.Certificate(cluster.name("node")) {
+ nodeCertificate: kube.Certificate(cluster.name("node")) {
metadata+: cluster.metadata,
spec: {
secretName: "cockroachdb-node-cert",
@@ -127,7 +126,7 @@
},
},
- clientCertificate: cm.Certificate(cluster.name("client")) {
+ clientCertificate: kube.Certificate(cluster.name("client")) {
metadata+: cluster.metadata,
spec: {
secretName: cluster.name("client-certificate"),
@@ -371,7 +370,7 @@
},
Client(name):: {
- certificate: cm.Certificate(cluster.name("client-%s" % name)) {
+ certificate: kube.Certificate(cluster.name("client-%s" % name)) {
metadata+: cluster.metadata,
spec: {
secretName: cluster.name("client-%s-certificate" % name),