
Add flag to set CRD names in cert controller (#1811)

* added new crd-names flag to reconcile only installed CRDs in cert controller

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* add guide to disable cluster features

Signed-off-by: Steven Bressey <sbressey@bressey.me>

* fix fmt

Signed-off-by: Steven Bressey <sbressey@bressey.me>
Co-authored-by: Steven Bressey <sbressey@bressey.me>
Steven Bressey 3 years ago
commit
7416a84b2a

+ 2 - 5
cmd/certcontroller.go

@@ -69,11 +69,7 @@ var certcontrollerCmd = &cobra.Command{
 		}
 		crdctrl := crds.New(mgr.GetClient(), mgr.GetScheme(),
 			ctrl.Log.WithName("controllers").WithName("webhook-certs-updater"),
-			crdRequeueInterval, serviceName, serviceNamespace, secretName, secretNamespace, []string{
-				"externalsecrets.external-secrets.io",
-				"clustersecretstores.external-secrets.io",
-				"secretstores.external-secrets.io",
-			})
+			crdRequeueInterval, serviceName, serviceNamespace, secretName, secretNamespace, crdNames)
 		if err := crdctrl.SetupWithManager(mgr, controller.Options{
 			MaxConcurrentReconciles: concurrent,
 		}); err != nil {
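Review bot: `crdNames` is passed to `crds.New` exactly as parsed from the command line, whereas the removed literal guaranteed three known names. An empty value such as `--crd-names=` or a misspelled name would, as far as this hunk shows, start the controller with nothing (or the wrong objects) to reconcile and report no error. Judging by the controller name `webhook-certs-updater`, that would presumably leave the webhook certificate data on the real CRDs unmaintained until conversions start failing. Consider rejecting an empty list before the call with `if len(crdNames) == 0 {` and the same error-and-exit path the surrounding setup code uses, and logging the effective list at startup so a wrong value is visible. The enclosing command function starts and ends outside this hunk, so the existing error-handling style cannot be confirmed from here.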
@@ -120,6 +116,7 @@ func init() {
 	certcontrollerCmd.Flags().StringVar(&serviceNamespace, "service-namespace", "default", "Webhook service namespace")
 	certcontrollerCmd.Flags().StringVar(&secretName, "secret-name", "external-secrets-webhook", "Secret to store certs for webhook")
 	certcontrollerCmd.Flags().StringVar(&secretNamespace, "secret-namespace", "default", "namespace of the secret to store certs")
+	certcontrollerCmd.Flags().StringSliceVar(&crdNames, "crd-names", []string{"externalsecrets.external-secrets.io", "clustersecretstores.external-secrets.io", "secretstores.external-secrets.io"}, "CRD names reconciled by the controller")
 	certcontrollerCmd.Flags().BoolVar(&enableLeaderElection, "enable-leader-election", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
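Review bot: The usage string `"CRD names reconciled by the controller"` on the new `crd-names` flag does not say what format is expected, or that setting the flag replaces the default list rather than extending it. An operator who passes a single name therefore silently drops the other two CRDs from reconciliation. I would spell that out, for example `"Fully qualified CRD names (<plural>.<group>) reconciled by the cert controller; repeat the flag or comma-separate values. Replaces the default list."`. The three default names also sit in an inline literal on a very long line. Hoisting them into a named package-level variable with a short comment would give the Helm template and the docs one place to stay in sync with. `init` continues outside this hunk.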

+ 1 - 0
cmd/root.go

@@ -67,6 +67,7 @@ var (
 	storeRequeueInterval                  time.Duration
 	serviceName, serviceNamespace         string
 	secretName, secretNamespace           string
+	crdNames                              []string
 	crdRequeueInterval                    time.Duration
 	certCheckInterval                     time.Duration
 	certLookaheadInterval                 time.Duration

+ 4 - 0
deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -51,6 +51,10 @@ spec:
           - --service-namespace={{ .Release.Namespace }}
           - --secret-name={{ include "external-secrets.fullname" . }}-webhook
           - --secret-namespace={{ .Release.Namespace }}
+          {{ if not .Values.crds.createClusterSecretStore -}}
+          - --crd-names=externalsecrets.external-secrets.io
+          - --crd-names=secretstores.external-secrets.io
+          {{- end -}}
           {{- range $key, $value := .Values.certController.extraArgs }}
             {{- if $value }}
           - --{{ $key }}={{ $value }}
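Review bot: The `if not .Values.crds.createClusterSecretStore` branch hard-codes a second copy of the CRD list that already exists as the flag default in `cmd/certcontroller.go`. A CRD added to the Go default later will be dropped from reconciliation whenever this branch is taken, with nothing to signal it. The condition also equates "the chart did not create the CRD" with "the CRD is not installed". If the ClusterSecretStore CRD is installed out of band, the cert controller would presumably stop maintaining it, so a template comment saying so would help, e.g. `{{- /* keep in sync with the crd-names default; assumes CRDs are only installed by this chart */ -}}`. Because `-}}` and `{{- end -}}` trim the surrounding newlines and indentation, it is worth rendering the chart with `helm template` for both values of `crds.createClusterSecretStore`, with and without `certController.extraArgs`, to confirm the args list stays valid YAML. The rest of the container spec is outside this hunk.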

+ 21 - 0
docs/guides/disable-cluster-features.md

@@ -0,0 +1,21 @@
+# Deploying without ClusterSecretStore and ClusterExternalSecret
+
+When deploying External Secrets Operator via Helm chart, the default configuration will install `ClusterSecretStore` and `ClusterExternalSecret` CRDs and these objects will be processed by the operator.
+
+In order to disable both or one of these features, it is necessary to configure the `crds.*` Helm value, as well as the `process*` Helm value, as these 2 values are connected.
+
+If you would like to install the operator without `ClusterSecretStore` and `ClusterExternalSecret` management, you will have to :
+
+* set `crds.createClusterExternalSecret` to false
+* set `crds.createClusterSecretStore` to false
+* set `processClusterExternalSecret` to false
+* set `processClusterStore` to false
+
+Example:
+
+```bash
+helm install external-secrets external-secrets/external-secrets --set crds.createClusterExternalSecret=false \
+--set crds.createClusterSecretStore=false \
+--set processClusterExternalSecret=false \
+--set processClusterStore=false
+```

+ 1 - 0
docs/guides/introduction.md

@@ -13,3 +13,4 @@ the API. Please pick one of the following guides:
 * [Decoding Strategy](decoding-strategy.md)
 * [v1beta1 Migration](v1beta1.md)
 * [Deploying image from main](using-latest-image.md)
+* [Deploying without cluster features](disable-cluster-features.md)