kube: move cert-manager resources to kube.local.libsonnet
This way kubernetes consumers don't have to import anything from
cluster/, hopefully.
We also create a small abstraction for local additions for
kube.libsonnet without having to modify upstream.
Change-Id: I209095781f91c8867250a647fe944370cddd67d0
diff --git a/cluster/kube/lib/registry.libsonnet b/cluster/kube/lib/registry.libsonnet
index 5272b2d..d457830 100644
--- a/cluster/kube/lib/registry.libsonnet
+++ b/cluster/kube/lib/registry.libsonnet
@@ -5,7 +5,6 @@
# kubectl get secrets rook-ceph-object-user-<ceph-pool>-object-registry -n <ceph-namespace> -o yaml --export | kubectl replace -f - -n registry
local kube = import "../../../kube/kube.libsonnet";
-local cm = import "cert-manager.libsonnet";
{
Environment: {
@@ -29,13 +28,13 @@
namespace: kube.Namespace(cfg.namespace),
- registryIssuer: cm.Issuer("registry-issuer") {
+ registryIssuer: kube.Issuer("registry-issuer") {
metadata+: env.metadata("registry-issuer"),
spec: {
selfSigned: {},
},
},
- authCertificate: cm.Certificate("auth") {
+ authCertificate: kube.Certificate("auth") {
metadata+: env.metadata("auth"),
spec: {
secretName: "auth-internal",
@@ -46,7 +45,7 @@
commonName: "auth.registry",
},
},
- registryCertificate: cm.Certificate("registry") {
+ registryCertificate: kube.Certificate("registry") {
metadata+: env.metadata("registry"),
spec: {
secretName: "registry-internal",