home-stack-kustomize/kustomize/bases/cert-manager/cert-manager-namespace.patch

--- a	2020-08-10 23:13:10.083362050 -0400
+++ b	2020-08-10 23:14:00.823784738 -0400
@@ -19,7 +19,7 @@
 metadata:
   name: certificaterequests.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -54,7 +54,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -585,7 +585,7 @@
 metadata:
   name: certificates.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -623,7 +623,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -1797,7 +1797,7 @@
 metadata:
   name: challenges.acme.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -1831,7 +1831,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -6260,7 +6260,7 @@
 metadata:
   name: clusterissuers.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -6291,7 +6291,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -12084,7 +12084,7 @@
 metadata:
   name: issuers.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -12115,7 +12115,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -17905,7 +17905,7 @@
 metadata:
   name: orders.acme.cert-manager.io
   annotations:
-    cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'
+    cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'
   labels:
     app: 'cert-manager'
     app.kubernetes.io/name: 'cert-manager'
@@ -17940,7 +17940,7 @@
     # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
     webhookClientConfig:
       service:
-        namespace: 'cert-manager'
+        namespace: kube-system
         name: 'cert-manager-webhook'
         path: /convert
   names:
@@ -18515,11 +18515,6 @@
                   after it is initially set.
                 type: string
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cert-manager
----
 # Source: cert-manager/templates/cainjector-serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
@@ -19100,7 +19095,7 @@
 subjects:
   - kind: ServiceAccount
     name: cert-manager-cainjector
-    namespace: cert-manager
+    namespace: kube-system
 ---
 # Source: cert-manager/templates/rbac.yaml
 # grant cert-manager permission to manage the leaderelection configmap in the
@@ -19125,7 +19120,7 @@
   - apiGroup: ""
     kind: ServiceAccount
     name: cert-manager
-    namespace: cert-manager
+    namespace: kube-system
 ---
 # Source: cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -19148,7 +19143,7 @@
 - apiGroup: ""
   kind: ServiceAccount
   name: cert-manager-webhook
-  namespace: cert-manager
+  namespace: kube-system
 ---
 # Source: cert-manager/templates/service.yaml
 apiVersion: v1
@@ -19338,7 +19333,7 @@
           - --secure-port=10250
           - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
           - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
-          - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc
+          - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc
           ports:
           - name: https
             containerPort: 10250
add external database 2020-08-11 04:37:20 +00:00			`--- a 2020-08-10 23:13:10.083362050 -0400`
			`+++ b 2020-08-10 23:14:00.823784738 -0400`
deploy nginx-ingress-controller to kube-system 2020-08-11 02:05:54 +00:00			`@@ -19,7 +19,7 @@`
			`metadata:`
			`name: certificaterequests.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -54,7 +54,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -585,7 +585,7 @@`
			`metadata:`
			`name: certificates.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -623,7 +623,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -1797,7 +1797,7 @@`
			`metadata:`
			`name: challenges.acme.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -1831,7 +1831,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -6260,7 +6260,7 @@`
			`metadata:`
			`name: clusterissuers.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -6291,7 +6291,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -12084,7 +12084,7 @@`
			`metadata:`
			`name: issuers.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -12115,7 +12115,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -17905,7 +17905,7 @@`
			`metadata:`
			`name: orders.acme.cert-manager.io`
			`annotations:`
			`- cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca'`
			`+ cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca'`
			`labels:`
			`app: 'cert-manager'`
			`app.kubernetes.io/name: 'cert-manager'`
			`@@ -17940,7 +17940,7 @@`
			# webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server.
			`webhookClientConfig:`
			`service:`
			`- namespace: 'cert-manager'`
			`+ namespace: kube-system`
			`name: 'cert-manager-webhook'`
			`path: /convert`
			`names:`
			`@@ -18515,11 +18515,6 @@`
			`after it is initially set.`
			`type: string`
			`---`
			`-apiVersion: v1`
			`-kind: Namespace`
			`-metadata:`
			`- name: cert-manager`
			`----`
			`# Source: cert-manager/templates/cainjector-serviceaccount.yaml`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`@@ -19100,7 +19095,7 @@`
			`subjects:`
			`- kind: ServiceAccount`
			`name: cert-manager-cainjector`
			`- namespace: cert-manager`
			`+ namespace: kube-system`
			`---`
			`# Source: cert-manager/templates/rbac.yaml`
			`# grant cert-manager permission to manage the leaderelection configmap in the`
			`@@ -19125,7 +19120,7 @@`
			`- apiGroup: ""`
			`kind: ServiceAccount`
			`name: cert-manager`
			`- namespace: cert-manager`
			`+ namespace: kube-system`
			`---`
			`# Source: cert-manager/templates/webhook-rbac.yaml`
			`apiVersion: rbac.authorization.k8s.io/v1beta1`
			`@@ -19148,7 +19143,7 @@`
			`- apiGroup: ""`
			`kind: ServiceAccount`
			`name: cert-manager-webhook`
			`- namespace: cert-manager`
			`+ namespace: kube-system`
			`---`
			`# Source: cert-manager/templates/service.yaml`
			`apiVersion: v1`
add external database 2020-08-11 04:37:20 +00:00			`@@ -19338,7 +19333,7 @@`
			`- --secure-port=10250`
			`- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)`
			`- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca`
			`- - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc`
			`+ - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc`
			`ports:`
			`- name: https`
			`containerPort: 10250`