cluster/kube/cert-manager: don't add APIService when webhooks are disabled
diff --git a/cluster/kube/lib/cert-manager.libsonnet b/cluster/kube/lib/cert-manager.libsonnet
index 8ec72fd..2598798 100644
--- a/cluster/kube/lib/cert-manager.libsonnet
+++ b/cluster/kube/lib/cert-manager.libsonnet
@@ -486,7 +486,7 @@
],
},
},
- apiservice: kube._Object("apiregistration.k8s.io/v1beta1", "APIService", "v1beta1.admission.certmanager.k8s.io") {
+ apiservice: if cfg.enableWebhook then kube._Object("apiregistration.k8s.io/v1beta1", "APIService", "v1beta1.admission.certmanager.k8s.io") {
spec+: {
version: "v1beta1",
group: "admission.certmanager.k8s.io",
@@ -498,6 +498,7 @@
},
},
},
+
issuers: {
webhookSelfsign: cm.Issuer("cert-manager-webhook-selfsign") {
metadata+: env.metadata,
@@ -543,13 +544,13 @@
},
},
},
- admission: kube._Object("admissionregistration.k8s.io/v1beta1", "ValidatingWebhookConfiguration", "cert-manager-webhook") {
+ admission: if cfg.enableWebhook then kube._Object("admissionregistration.k8s.io/v1beta1", "ValidatingWebhookConfiguration", "cert-manager-webhook") {
metadata+: {
annotations: {
},
},
// Copied from official yaml
- webhooks: if cfg.enableWebhook then [
+ webhooks: [
{
"name": "certificates.admission.certmanager.k8s.io",
"namespaceSelector": {
@@ -691,7 +692,7 @@
"caBundle": "",
}
}
- ] else [],
+ ],
},
},