feat: kubesphere 4.0 (#6115)
* feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> * feat: kubesphere 4.0 Signed-off-by: ci-bot <ci-bot@kubesphere.io> --------- Signed-off-by: ci-bot <ci-bot@kubesphere.io> Co-authored-by: ks-ci-bot <ks-ci-bot@example.com> Co-authored-by: joyceliu <joyceliu@yunify.com>
This commit is contained in:
KubeSphere CI Bot
committed by
GitHub
GitHub
parent
b5015ec7b9
commit
447a51f08b
48
config/ks-core/templates/tls-secrets.yaml
Normal file
48
config/ks-core/templates/tls-secrets.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
{{- if ne .Values.ingress.tls.source "letsEncrypt" -}}
|
||||
{{- if and (not (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2")) (not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1")) }}
|
||||
{{- $ca := genCA "self-signed-ca" 3650 -}}
|
||||
{{- $cert := genSignedCert "ks-apiserver" nil (list "ks-apiserver" (printf "%s.%s" "ks-apiserver" .Release.Namespace) (printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc")) 3650 $ca -}}
|
||||
{{- if .Values.internalTLS }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ks-apiserver-tls-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
tls.crt: {{ b64enc $cert.Cert }}
|
||||
tls.key: {{ b64enc $cert.Key }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc") .Values.portal.hostname) 3650 $ca -}}
|
||||
{{- if .Values.internalTLS }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: ks-console-tls-certs
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
tls.crt: {{ b64enc $consolecert.Cert }}
|
||||
tls.key: {{ b64enc $consolecert.Key }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
{{- $ingresscert := genSignedCert .Values.portal.hostname nil (list .Values.portal.hostname) 3650 $ca -}}
|
||||
{{- if and ( .Values.ingress.enabled ) ( .Values.ingress.tls.enabled ) (eq .Values.ingress.tls.source "generation") }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .Values.ingress.tls.secretName }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
type: Opaque
|
||||
data:
|
||||
ca.crt: {{ b64enc $ca.Cert }}
|
||||
tls.crt: {{ b64enc $ingresscert.Cert }}
|
||||
tls.key: {{ b64enc $ingresscert.Key }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user