45 lines
1.7 KiB
YAML
45 lines
1.7 KiB
YAML
{{- if ne .Values.ingress.tls.source "letsEncrypt" -}}
|
|
{{- if and (not (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2")) (not (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1")) (not (.Capabilities.APIVersions.Has "cert-manager.io/v1")) }}
|
|
{{- $ca := genCA "self-signed-ca" 3650 -}}
|
|
{{- $cert := genSignedCert "ks-apiserver" nil (list "ks-apiserver" (printf "%s.%s" "ks-apiserver" .Release.Namespace) (printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc")) 3650 $ca -}}
|
|
{{- if .Values.internalTLS }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: ks-apiserver-tls-certs
|
|
type: Opaque
|
|
data:
|
|
ca.crt: {{ b64enc $ca.Cert }}
|
|
tls.crt: {{ b64enc $cert.Cert }}
|
|
tls.key: {{ b64enc $cert.Key }}
|
|
{{- end }}
|
|
|
|
---
|
|
{{- $consolecert := genSignedCert "ks-console" nil (list "ks-console" (printf "%s.%s" "ks-console" .Release.Namespace) (printf "%s.%s.%s" "ks-console" .Release.Namespace "svc") .Values.portal.hostname) 3650 $ca -}}
|
|
{{- if .Values.internalTLS }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: ks-console-tls-certs
|
|
type: Opaque
|
|
data:
|
|
ca.crt: {{ b64enc $ca.Cert }}
|
|
tls.crt: {{ b64enc $consolecert.Cert }}
|
|
tls.key: {{ b64enc $consolecert.Key }}
|
|
{{- end }}
|
|
|
|
---
|
|
{{- $ingresscert := genSignedCert .Values.portal.hostname nil (list .Values.portal.hostname) 3650 $ca -}}
|
|
{{- if and ( .Values.ingress.enabled ) ( .Values.ingress.tls.enabled ) (eq .Values.ingress.tls.source "generation") }}
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: {{ .Values.ingress.tls.secretName }}
|
|
type: Opaque
|
|
data:
|
|
ca.crt: {{ b64enc $ca.Cert }}
|
|
tls.crt: {{ b64enc $ingresscert.Cert }}
|
|
tls.key: {{ b64enc $ingresscert.Key }}
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- end }} |