From 2f77ec179ee63cacc9b390f4e6f0e2467cb64ebd Mon Sep 17 00:00:00 2001
From: Yevhen Ivantsov
Date: Thu, 3 Jul 2025 07:53:33 +1000
Subject: [PATCH] Make it possible to provide a custom issuer for the certificate
---
 helm/aws-load-balancer-controller/templates/webhook.yaml | 4 +++-
 helm/aws-load-balancer-controller/values.yaml | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/helm/aws-load-balancer-controller/templates/webhook.yaml b/helm/aws-load-balancer-controller/templates/webhook.yaml
index d578220618..69ce224eb5 100644
--- a/helm/aws-load-balancer-controller/templates/webhook.yaml
+++ b/helm/aws-load-balancer-controller/templates/webhook.yaml
@@ -235,7 +235,7 @@ spec:
 - {{ template "aws-load-balancer-controller.webhookService" . }}.{{ .Release.Namespace }}.svc.{{ .Values.cluster.dnsDomain }}
 issuerRef:
 kind: Issuer
- name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer
+ name: {{ default (printf "%s-selfsigned-issuer" (include "aws-load-balancer-controller.namePrefix" .)) .Values.certManager.existingIssuerName }}
 secretName: {{ template "aws-load-balancer-controller.webhookCertSecret" . }}
 {{- with .Values.certManager -}}
 {{ if .duration }}
@@ -246,6 +246,7 @@ spec:
 {{- end }}
 {{- end }}
 ---
+{{- if not $.Values.certManager.existingIssuerName }}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -256,3 +257,4 @@ metadata:
 spec:
 selfSigned: {}
 {{- end }}
+{{- end }}
diff --git a/helm/aws-load-balancer-controller/values.yaml b/helm/aws-load-balancer-controller/values.yaml
index 8eb1f19e8d..eee3cd6ec1 100644
--- a/helm/aws-load-balancer-controller/values.yaml
+++ b/helm/aws-load-balancer-controller/values.yaml
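Review bot: In the first templates/webhook.yaml hunk, `issuerRef` still hard-codes `kind: Issuer`, so `certManager.existingIssuerName` can only name a namespaced Issuer in the release namespace. A ClusterIssuer name would render without error but presumably leave the Certificate unissued and the webhook without a serving certificate. Either document that restriction next to the value or make the kind configurable. The rendered name is also an unquoted user-supplied scalar; ending the expression with `| quote`, as in `name: {{ default (printf "%s-selfsigned-issuer" (include "aws-load-balancer-controller.namePrefix" .)) .Values.certManager.existingIssuerName | quote }}`, stops an all-digit or boolean-looking name from being retyped by the YAML parser. The Certificate spec starts before this hunk and continues after it.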
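Review bot: In the second templates/webhook.yaml hunk, the new `{{- if not $.Values.certManager.existingIssuerName }}` guard sits after the `---` separator and dereferences `certManager` directly, so a release with an existing issuer renders a trailing empty document, and a values override that sets `certManager` to null would fail rendering. Moving the `if` above `---` and reading the value inside a `with .Values.certManager` block, as the Certificate section above does, avoids both; the matching `{{- end }}` is the line added in the third hunk. With the self-signed Issuer skipped, trust in the webhook serving certificate rests entirely on the named issuer, and nothing here checks that it exists. If the webhook configurations earlier in the file take their CA bundle from this Certificate's secret (not visible in these hunks), a template comment such as `{{- /* existingIssuerName: the Issuer must exist in the release namespace and populate ca.crt */ -}}` would record that requirement.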
@@ -119,6 +119,9 @@ enableCertManager: false certManager: duration: renewBefore: + # name of the existing issuer to use for certificate requests + # when set, the controller will not create a self-signed issuer + existingIssuerName: # The name of the Kubernetes cluster. A non-empty value is required clusterName:
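Review bot: The comment added above `existingIssuerName` in values.yaml says "the controller will not create a self-signed issuer", but it is the chart template that skips the Issuer, not the controller. It also leaves out the constraint the template imposes: `issuerRef.kind` is fixed to `Issuer` in templates/webhook.yaml, so the name must belong to an Issuer in the release namespace. Judging by the neighbouring `enableCertManager` key, the value probably has no effect unless cert-manager integration is enabled, which is worth saying too. Suggested wording: `# name of an existing cert-manager Issuer in the release namespace used to sign the webhook certificate` followed by `# when set, the chart does not create its self-signed Issuer`.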