feat: Allow additional SANS for web certificate

This makes it possible to include extra variants of the service-name
that aren't captured by the {{ include "capsule.fullname" }} macro

Signed-off-by: Travis Holton <heytrav@proton.me>

Update charts/capsule/README.md

Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>

charts/capsule/README.md

@@ -99,6 +99,7 @@ Here the values you can override:
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Set affinity rules for the Capsule pod |
 | certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager |
+| certManager.additionalSANS | list | `[]` |  Specify additional SANS to add to the certificate |
 | customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart |
 | customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart |
 | imagePullSecrets | list | `[]` | Configuration for `imagePullSecrets` so that you can use a private images registry. |

charts/capsule/templates/certificate.yaml

@@ -27,6 +27,9 @@ spec:
   dnsNames:
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+  {{- range  .Values.certManager.additionalSANS }}
+  - {{ toYaml . }} 
+  {{- end }}
   issuerRef:
     kind: Issuer
     name: {{ include "capsule.fullname" . }}-webhook-selfsigned

charts/capsule/values.yaml

@@ -212,7 +212,8 @@ serviceAccount:
 certManager:
   # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
   generateCertificates: false
-
+  # -- Specify additional SANS to add to the certificate
+  additionalSANS: []
 # -- Additional labels which will be added to all resources created by Capsule helm chart
 customLabels: {}