From 51f71ee9c8f76e3bcf78463c24edaa8377af8047 Mon Sep 17 00:00:00 2001
From: Travis Holton <heytrav@proton.me>
Date: Thu, 19 Dec 2024 19:23:30 +1300
Subject: [PATCH] feat: Allow additional SANS for web certificate

This makes it possible to include extra variants of the service-name
that aren't captured by the {{ include "capsule.fullname" }} macro

Signed-off-by: Travis Holton <heytrav@proton.me>
---
 charts/capsule/templates/certificate.yaml | 3 +++
 charts/capsule/values.yaml                | 3 ++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/charts/capsule/templates/certificate.yaml b/charts/capsule/templates/certificate.yaml
index 29d6ff4d..9ad96f05 100644
--- a/charts/capsule/templates/certificate.yaml
+++ b/charts/capsule/templates/certificate.yaml
@@ -27,6 +27,9 @@ spec:
   dnsNames:
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
   - {{ include "capsule.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+  {{- range  .Values.certManager.additionalSANS }}
+  - {{ toYaml . }} 
+  {{- end }}
   issuerRef:
     kind: Issuer
     name: {{ include "capsule.fullname" . }}-webhook-selfsigned
diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
index 5d486395..061f8d58 100644
--- a/charts/capsule/values.yaml
+++ b/charts/capsule/values.yaml
@@ -212,7 +212,8 @@ serviceAccount:
 certManager:
   # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
   generateCertificates: false
-
+  # -- Specify additional SANS to add to the certificate
+  additionalSANS: []
 # -- Additional labels which will be added to all resources created by Capsule helm chart
 customLabels: {}