Kubelet csr approver (#9877)

* chore(helm-apps): fix README example README shows a non-working example according to the specs for this role. * Add support for kubelet-csr-approver Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * Add tests for kubelet-csr-approver Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> * Add Documentation for Kubelet CSR Approver Co-Authored-By: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch> --------- Co-authored-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2026-02-28 09:39:12 +03:00 · 2023-05-11 00:49:09 +00:00
parent 9a72de54de
commit 07d45e6b62
13 changed files with 94 additions and 9 deletions
--- a/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml
+++ b/roles/kubernetes-apps/kubelet-csr-approver/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+kubelet_csr_approver_enabled: "{{ kubelet_rotate_server_certificates }}"
+kubelet_csr_approver_namespace: kube-system
+
+kubelet_csr_approver_repository_name: kubelet-csr-approver
+kubelet_csr_approver_repository_url: https://postfinance.github.io/kubelet-csr-approver
+kubelet_csr_approver_chart_ref: "{{ kubelet_csr_approver_repository_name }}/kubelet-csr-approver"
+kubelet_csr_approver_chart_version: 0.2.8
+
+# Fill values override here
+# See upstream https://github.com/postfinance/kubelet-csr-approver
+kubelet_csr_approver_values: {}
--- a/roles/kubernetes-apps/kubelet-csr-approver/meta/main.yml
+++ b/roles/kubernetes-apps/kubelet-csr-approver/meta/main.yml
@@ -0,0 +1,20 @@
+---
+dependencies:
+  - role: helm-apps
+    when:
+      - inventory_hostname == groups['kube_control_plane'][0]
+      - kubelet_csr_approver_enabled
+    environment:
+      http_proxy: "{{ http_proxy | default('') }}"
+      https_proxy: "{{ https_proxy | default('') }}"
+    release_common_opts: {}
+    releases:
+      - name: kubelet-csr-approver
+        namespace: "{{ kubelet_csr_approver_namespace }}"
+        chart_ref: "{{ kubelet_csr_approver_chart_ref }}"
+        chart_version: "{{ kubelet_csr_approver_chart_version }}"
+        wait: true
+        values: "{{ kubelet_csr_approver_values }}"
+    repositories:
+      - name: "{{ kubelet_csr_approver_repository_name }}"
+        url: "{{ kubelet_csr_approver_repository_url }}"