Run container in a unpriviliged way

2021-01-11 15:29:04 +01:00 · 2021-01-11 15:29:04 +01:00 · 6f1a1be286
commit 6f1a1be286
parent 0f2ea42f52
3 changed files with 4 additions and 3 deletions
--- a/deploy/cert-manager-webhook-hetzner/templates/deployment.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/deployment.yaml
@ -27,12 +27,13 @@ spec:
          args:
            - --tls-cert-file=/tls/tls.crt
            - --tls-private-key-file=/tls/tls.key
+            - --secure-port=8443
          env:
            - name: GROUP_NAME
              value: {{ .Values.groupName | quote }}
          ports:
            - name: https
-              containerPort: 443
+              containerPort: 8443
              protocol: TCP
          livenessProbe:
            httpGet:
--- a/deploy/cert-manager-webhook-hetzner/templates/service.yaml
+++ b/deploy/cert-manager-webhook-hetzner/templates/service.yaml
@ -12,7 +12,7 @@ spec:
  type: {{ .Values.service.type }}
  ports:
    - port: {{ .Values.service.port }}
-      targetPort: https
+      targetPort: 8443
      protocol: TCP
      name: https
  selector:
--- a/deploy/cert-manager-webhook-hetzner/values.yaml
+++ b/deploy/cert-manager-webhook-hetzner/values.yaml
@ -9,7 +9,7 @@
 groupName: dns.hetzner.cloud

 certManager:
-  namespace: kube-system
+  namespace: cert-manager
  serviceAccountName: cert-manager

 image: