# Adds namespace to all resources. namespace: redpanda-system # Value of this field is prepended to the # names of all resources, e.g. a deployment named # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. namePrefix: redpanda- # Labels to add to all resources and selectors. #commonLabels: # someName: someValue resources: - ../crd - ../rbac - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml - ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. - ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. # - ../prometheus patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type #- manager_config_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml - manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection - webhookcainjection_patch.yaml replacements: - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs kind: Certificate group: cert-manager.io version: v1 name: serving-cert # this name should match the one in certificate.yaml fieldPath: .metadata.namespace # namespace of the certificate CR targets: - select: kind: ValidatingWebhookConfiguration fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 0 create: true - select: kind: MutatingWebhookConfiguration fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 0 create: true - select: kind: CustomResourceDefinition fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 0 create: true - source: kind: Certificate group: cert-manager.io version: v1 name: serving-cert # this name should match the one in certificate.yaml fieldPath: .metadata.name targets: - select: kind: ValidatingWebhookConfiguration fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 1 create: true - select: kind: MutatingWebhookConfiguration fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 1 create: true - select: kind: CustomResourceDefinition fieldPaths: - .metadata.annotations.[cert-manager.io/inject-ca-from] options: delimiter: '/' index: 1 create: true - source: # Add cert-manager annotation to the webhook Service kind: Service version: v1 name: webhook-service fieldPath: .metadata.name # namespace of the service targets: - select: kind: Certificate group: cert-manager.io version: v1 fieldPaths: - .spec.dnsNames.0 - .spec.dnsNames.1 options: delimiter: '.' index: 0 create: true - source: kind: Service version: v1 name: webhook-service fieldPath: .metadata.namespace # namespace of the service targets: - select: kind: Certificate group: cert-manager.io version: v1 fieldPaths: - .spec.dnsNames.0 - .spec.dnsNames.1 options: delimiter: '.' index: 1 create: true