admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
430a3589d802ef8c2fb114012bb9671dcb9ffb48
kubesphere/config/ks-core/templates/tls-secrets.yaml
KubeSphere CI Bot 447a51f08b feat: kubesphere 4.0 (#6115) 
* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

---------

Signed-off-by: ci-bot <ci-bot@kubesphere.io>
Co-authored-by: ks-ci-bot <ks-ci-bot@example.com>
Co-authored-by: joyceliu <joyceliu@yunify.com>
2024-09-06 11:05:52 +08:00

48 lines
1.8 KiB
YAML
Raw Blame History

{{- if ne .Values.ingress.tls.source "letsEncrypt" -}}
{{- if and (not (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2")) (not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1")) }}
{{- $ca := genCA "self-signed-ca" 3650 -}}
{{- $cert := genSignedCert "ks-apiserver" nil (list "ks-apiserver" (printf "%s.%s" "ks-apiserver" .Release.Namespace) (printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc")) 3650 $ca -}}
{{- if .Values.internalTLS }}
apiVersion: v1
kind: Secret
metadata:
name: ks-apiserver-tls-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
ca.crt: {{ b64enc $ca.Cert }}
tls.crt: {{ b64enc $cert.Cert }}
tls.key: {{ b64enc $cert.Key }}
{{- end }}
---
{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc") .Values.portal.hostname) 3650 $ca -}}
{{- if .Values.internalTLS }}
apiVersion: v1
kind: Secret
metadata:
name: ks-console-tls-certs
namespace: {{ .Release.Namespace }}
type: Opaque
data:
ca.crt: {{ b64enc $ca.Cert }}
tls.crt: {{ b64enc $consolecert.Cert }}
tls.key: {{ b64enc $consolecert.Key }}
{{- end }}
---
{{- $ingresscert := genSignedCert .Values.portal.hostname nil (list .Values.portal.hostname) 3650 $ca -}}
{{- if and ( .Values.ingress.enabled ) ( .Values.ingress.tls.enabled ) (eq .Values.ingress.tls.source "generation") }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.ingress.tls.secretName }}
namespace: {{ .Release.Namespace }}
type: Opaque
data:
ca.crt: {{ b64enc $ca.Cert }}
tls.crt: {{ b64enc $ingresscert.Cert }}
tls.key: {{ b64enc $ingresscert.Key }}
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink