feat: Allow additional SANS for web certificate

This makes it possible to include extra variants of the service-name that aren't captured by the {{ include "capsule.fullname" }} macro Signed-off-by: Travis Holton <heytrav@proton.me>
projectcapsule · Dec 19, 2024 · 51f71ee · 51f71ee
1 parent 20807ad
commit 51f71ee
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/charts/capsule/templates/certificate.yaml b/charts/capsule/templates/certificate.yaml
@@ -27,6 +27,9 @@ spec:
   dnsNames:
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+  {{- range  .Values.certManager.additionalSANS }}
+  - {{ toYaml . }} 
+  {{- end }}
   issuerRef:
     kind: Issuer
     name: {{ include "capsule.fullname" . }}-webhook-selfsigned

diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
@@ -212,7 +212,8 @@ serviceAccount:
 certManager:
   # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
   generateCertificates: false
-
+  # -- Specify additional SANS to add to the certificate
+  additionalSANS: []
 # -- Additional labels which will be added to all resources created by Capsule helm chart
 customLabels: {}