--- a 2020-08-10 23:13:10.083362050 -0400 +++ b 2020-08-10 23:14:00.823784738 -0400 @@ -19,7 +19,7 @@ metadata: name: certificaterequests.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -54,7 +54,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -585,7 +585,7 @@ metadata: name: certificates.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -623,7 +623,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -1797,7 +1797,7 @@ metadata: name: challenges.acme.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -1831,7 +1831,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -6260,7 +6260,7 @@ metadata: name: clusterissuers.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -6291,7 +6291,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -12084,7 +12084,7 @@ metadata: name: issuers.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -12115,7 +12115,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -17905,7 +17905,7 @@ metadata: name: orders.acme.cert-manager.io annotations: - cert-manager.io/inject-ca-from-secret: 'cert-manager/cert-manager-webhook-ca' + cert-manager.io/inject-ca-from-secret: 'kube-system/cert-manager-webhook-ca' labels: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/name: 'cert-manager' @@ -17940,7 +17940,7 @@ # webhookClientConfig is required when strategy is `Webhook` and it configures the webhook endpoint to be called by API server. webhookClientConfig: service: - namespace: 'cert-manager' + namespace: kube-system name: 'cert-manager-webhook' path: /convert names: @@ -18515,11 +18515,6 @@ after it is initially set. type: string --- -apiVersion: v1 -kind: Namespace -metadata: - name: cert-manager ---- # Source: cert-manager/templates/cainjector-serviceaccount.yaml apiVersion: v1 kind: ServiceAccount @@ -19100,7 +19095,7 @@ subjects: - kind: ServiceAccount name: cert-manager-cainjector - namespace: cert-manager + namespace: kube-system --- # Source: cert-manager/templates/rbac.yaml # grant cert-manager permission to manage the leaderelection configmap in the @@ -19125,7 +19120,7 @@ - apiGroup: "" kind: ServiceAccount name: cert-manager - namespace: cert-manager + namespace: kube-system --- # Source: cert-manager/templates/webhook-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1beta1 @@ -19148,7 +19143,7 @@ - apiGroup: "" kind: ServiceAccount name: cert-manager-webhook - namespace: cert-manager + namespace: kube-system --- # Source: cert-manager/templates/service.yaml apiVersion: v1 @@ -19338,7 +19333,7 @@ - --secure-port=10250 - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca - - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc + - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.kube-system.svc ports: - name: https containerPort: 10250