diff --git a/charts/kubelet-csr-approver/Chart.yaml b/charts/kubelet-csr-approver/Chart.yaml
index c6de3a4..3f1c73e 100644
--- a/charts/kubelet-csr-approver/Chart.yaml
+++ b/charts/kubelet-csr-approver/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: kubelet-csr-approver
 description: Kubelet CSR Approver
 type: application
-version: 0.2.3
-appVersion: v0.2.3
+version: 0.2.4
+appVersion: v0.2.4
 maintainers:
 - name: clementnuss
 - name: treydock
diff --git a/charts/kubelet-csr-approver/templates/deployment.yaml b/charts/kubelet-csr-approver/templates/deployment.yaml
index 3dbeda1..e3183f0 100644
--- a/charts/kubelet-csr-approver/templates/deployment.yaml
+++ b/charts/kubelet-csr-approver/templates/deployment.yaml
@@ -64,6 +64,14 @@ spec:
 - name: IGNORE_NON_SYSTEM_NODE
 value: {{ .Values.ignoreNonSystemNode | quote }}
 {{- end }}
+ {{- if .Values.allowedDnsNames}}
+ - name: ALLOWED_DNS_NAMES
+ value: {{ .Values.allowedDnsNames | quote }}
+ {{- end }}
+ {{- if .Values.bypassHostnameCheck}}
+ - name: BYPASS_HOSTNAME_CHECK
+ value: {{ .Values.bypassHostnameCheck | quote }}
+ {{- end }}
 {{- with .Values.env }}
 {{ toYaml . | nindent 12 }}
 {{- end }}
diff --git a/charts/kubelet-csr-approver/values.yaml b/charts/kubelet-csr-approver/values.yaml
index 5626b4a..e0531df 100644
--- a/charts/kubelet-csr-approver/values.yaml
+++ b/charts/kubelet-csr-approver/values.yaml
@@ -4,8 +4,12 @@ providerRegex: ""
 maxExpirationSeconds: ""
 # optional, permits to bypass dns resolution checks. default: false
 bypassDnsResolution: false
+# number of DNS SAN names allowed in a certificate request. defaults to 1
+allowedDnsNames: 1
 # optional, permits ignoring CSRs with another Username than `system:node:...`
 ignoreNonSystemNode: false
+# set this parameter to true to ignore mismatching DNS name and hostname
+bypassHostnameCheck: false
 # optional, list of IP (IPv4, IPv6) subnets that are allowed to submit CSRs
 providerIpPrefixes: []
 # - 192.168.8.0/22
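Review bot: The `{{- if .Values.allowedDnsNames}}` guard in deployment.yaml treats an explicit `allowedDnsNames: 0` as unset, because Go templates evaluate 0 as false. ALLOWED_DNS_NAMES is then omitted without any warning, and the approver presumably falls back to its own default instead of the operator's value. Whether the approver accepts 0 is not visible here; if it does, test for presence rather than truthiness, e.g. `{{- if not (kindIs "invalid" .Values.allowedDnsNames) }}`. The enclosing env list starts and ends outside the hunk.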
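Review bot: The new comments in values.yaml do not say that both settings loosen CSR validation, which is what an operator needs to know before changing them. For `bypassHostnameCheck` I would write `# optional, set to true to approve CSRs whose DNS SAN does not match the requesting node's hostname. This relaxes validation, keep false unless required. default: false`. For `allowedDnsNames`, add that raising it lets a single request carry more DNS SANs, e.g. `# optional, maximum number of DNS SAN names accepted in one CSR; keep as low as your nodes need. default: 1`. Both follow the `# optional, ... default: ...` form the neighbouring entries use.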