# Adds namespace to all resources. namespace: zelda-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. namePrefix: zelda- # Labels to add to all resources and selectors. #labels: #- includeSelectors: true # pairs: # someName: someValue resources: - ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection #- webhookcainjection_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. # Uncomment the following replacements to add the cert-manager CA injection annotations #replacements: # - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs # kind: Certificate # group: cert-manager.io # version: v1 # name: serving-cert # this name should match the one in certificate.yaml # fieldPath: .metadata.namespace # namespace of the certificate CR # targets: # - select: # kind: ValidatingWebhookConfiguration # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 0 # create: true # - select: # kind: MutatingWebhookConfiguration # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 0 # create: true # - select: # kind: CustomResourceDefinition # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 0 # create: true # - source: # kind: Certificate # group: cert-manager.io # version: v1 # name: serving-cert # this name should match the one in certificate.yaml # fieldPath: .metadata.name # targets: # - select: # kind: ValidatingWebhookConfiguration # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 1 # create: true # - select: # kind: MutatingWebhookConfiguration # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 1 # create: true # - select: # kind: CustomResourceDefinition # fieldPaths: # - .metadata.annotations.[cert-manager.io/inject-ca-from] # options: # delimiter: '/' # index: 1 # create: true # - source: # Add cert-manager annotation to the webhook Service # kind: Service # version: v1 # name: webhook-service # fieldPath: .metadata.name # namespace of the service # targets: # - select: # kind: Certificate # group: cert-manager.io # version: v1 # fieldPaths: # - .spec.dnsNames.0 # - .spec.dnsNames.1 # options: # delimiter: '.' # index: 0 # create: true # - source: # kind: Service # version: v1 # name: webhook-service # fieldPath: .metadata.namespace # namespace of the service # targets: # - select: # kind: Certificate # group: cert-manager.io # version: v1 # fieldPaths: # - .spec.dnsNames.0 # - .spec.dnsNames.1 # options: # delimiter: '.' # index: 1 # create: true