From bf9a61cfa72e1405b3d0c3e4613e672252f2ff61 Mon Sep 17 00:00:00 2001
From: Terin Stock <terinjokes@gmail.com>
Date: Fri, 5 Jul 2024 23:28:30 +0200
Subject: [PATCH] chore(helm): update chart for v0.9.0

---
 deploy/charts/origin-ca-issuer/Chart.yaml                  | 4 ++--
 deploy/charts/origin-ca-issuer/README.md                   | 7 ++++---
 .../origin-ca-issuer/templates/issuer-deployment.yaml      | 7 ++++++-
 deploy/charts/origin-ca-issuer/values.yaml                 | 6 +++++-
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/deploy/charts/origin-ca-issuer/Chart.yaml b/deploy/charts/origin-ca-issuer/Chart.yaml
index b5f04b7..d476c6d 100644
--- a/deploy/charts/origin-ca-issuer/Chart.yaml
+++ b/deploy/charts/origin-ca-issuer/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 type: application
 name: origin-ca-issuer
-version: 0.5.4
-appVersion: 0.8.0
+version: 0.5.5
+appVersion: 0.9.0
 description: A Helm chart for origin-ca-issuer
 home: https://github.com/cloudflare/origin-ca-issuer
 maintainers:
diff --git a/deploy/charts/origin-ca-issuer/README.md b/deploy/charts/origin-ca-issuer/README.md
index 81d707f..0a85e2e 100644
--- a/deploy/charts/origin-ca-issuer/README.md
+++ b/deploy/charts/origin-ca-issuer/README.md
@@ -12,14 +12,14 @@ origin-ca-issuer is a Kubernetes addon to automate issuance and renewals of Clou
 Before installing the chart, you must first install [cert-manager](https://cert-manager.io/docs/installation/), and the origin-ca-issuer CustomResourceDefinition resources.
 
 ```shell
-VERSION="v0.8.0"
+VERSION="v0.9.0"
 kubectl apply -f https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/${VERSION}/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
 ```
 
 To install the chart with the release name `my-release`:
 
 ``` shell
-helm install --name my-release oci://ghcr.io/cloudflare/origin-ca-issuer-charts/origin-ca-issuer --version 0.5.2
+helm install --name my-release oci://ghcr.io/cloudflare/origin-ca-issuer-charts/origin-ca-issuer --version 0.5.5
 ```
 
 In order to begin issuing certificates from the Cloudflare Origin CA you will need to set up an OriginIssuer. For more information, see the [documentation](https://github.com/cloudflare/origin-ca-issuer/blob/trunk/README.org).
@@ -34,7 +34,7 @@ helm delete my-release
 If you want to completely uninstall origin-ca-issuer from your cluster, you also need to delete the previously installed CustomResourceDefinition resources:
 
 ``` shell
-VERSION="v0.8.0"
+VERSION="v0.9.0"
 kubectl delete -f https://raw.githubusercontent.com/cloudflare/origin-ca-issuer/${VERSION}/deploy/crds/cert-manager.k8s.cloudflare.com_originissuers.yaml
 ```
 
@@ -69,6 +69,7 @@ The following table lists the configurable parameters of the origin-ca-issuer ch
 | `controller.affinity`                 | Node (anti-)affinity for pod assignment                                                 | `{}`                                                                           |
 | `controller.tolerations`              | Node tolerations for pod assignment                                                     | `{}`                                                                           |
 | `controller.disableApprovedCheck`     | Disable waiting for CertificateRequests to be Approved before signing                   | `false`                                                                        |
+| `controller.clusterResourceNamespace` | Override the namespace used for ClusterOriginIssuer secrets                             | `""`                                                                           |
 | `controller.resources`                | The resource request and limits.                                                        | `{requests: {cpu: "1", memory: "512Mi"}, limits: {cpu: "1", memory: "512Mi"}}` |
 | `certmanager.namespace`               | Namespace where the cert-manager controller is running.                                 | `cert-manager`                                                                 |
 | `certmanager.serviceAccountName`      | The Service Account used by the cert-manager controller.                                | `cert-manager`                                                                 |
diff --git a/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml b/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml
index 36aacd7..a694aae 100644
--- a/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml
+++ b/deploy/charts/origin-ca-issuer/templates/issuer-deployment.yaml
@@ -64,10 +64,15 @@ spec:
           {{- if .Values.controller.volumeMounts }}
           volumeMounts: {{ toYaml .Values.controller.volumeMounts | nindent 12 }}
           {{- end }}
-          {{- if .Values.controller.disableApprovedCheck }}
           args:
+          {{- if .Values.controller.disableApprovedCheck }}
             - --disable-approved-check
           {{- end }}
+          {{- if .Values.controller.clusterResourceNamespace }}
+            - --cluster-resource-namespace={{ .Values.controller.clusterResourceNamespace }}
+          {{- else }}
+            - --cluster-resource-namespace=$(POD_NAMESPACE)
+          {{- end }}
           env:
             - name: POD_NAMESPACE
               valueFrom:
diff --git a/deploy/charts/origin-ca-issuer/values.yaml b/deploy/charts/origin-ca-issuer/values.yaml
index ac5a046..adec3c8 100644
--- a/deploy/charts/origin-ca-issuer/values.yaml
+++ b/deploy/charts/origin-ca-issuer/values.yaml
@@ -18,7 +18,7 @@ global:
 controller:
   image:
     repository: cloudflare/origin-ca-issuer
-    tag: v0.8.0
+    tag: v0.9.0
     pullPolicy: Always
 
   replicaCount: 1
@@ -34,6 +34,10 @@ controller:
   # Disable waiting for CertificateRequests to be Approved before signing
   disableApprovedCheck: false
 
+  # Override the namespace used to resolve API tokens for OriginClusterIssuer resources.
+  # By default, the namespace of the controller is used.
+  clusterResourceNamespace: ""
+
   # Optional additional arguments
   extraArgs: []