admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc33efe618cc81c111e1d65813eae0be22aba29b
kubesphere/config/ks-core/templates/cert-manager.yaml
hongming dc33efe618 chore: refine ks-core helm chart (#2128) 
Signed-off-by: hongming <coder.scala@gmail.com>
2025-03-19 06:26:25 +00:00

148 lines
5.8 KiB
YAML
Raw Blame History

{{- if or (.Values.internalTLS) (.Values.ingress.tls.enabled) -}}
{{- if eq .Values.ingress.tls.source "letsEncrypt" -}}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
apiVersion: cert-manager.io/v1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
apiVersion: cert-manager.io/v1beta1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
apiVersion: cert-manager.io/v1alpha2
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- else }}
apiVersion: cert-manager.io/v1
{{- end }}
kind: Issuer
metadata:
name: letsencrypt
spec:
acme:
email: {{ .Values.letsEncrypt.email }}
{{- if eq .Values.letsEncrypt.environment "production" }}
server: https://acme-v02.api.letsencrypt.org/directory
{{- else }}
server: https://acme-staging-v02.api.letsencrypt.org/directory
{{- end }}
privateKeySecretRef:
name: letsencrypt-{{ .Values.letsEncrypt.environment }}
{{- if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
http01: { }
{{- else }}
solvers:
- http01:
ingress:
class: {{ .Values.ingress.ingressClassName }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
---
{{- if or (.Values.internalTLS) (.Values.ingress.tls.enabled) -}}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
apiVersion: cert-manager.io/v1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
apiVersion: cert-manager.io/v1beta1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
apiVersion: cert-manager.io/v1alpha2
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- else }}
apiVersion: cert-manager.io/v1
{{- end }}
kind: Issuer
metadata:
name: self-signed
spec:
selfSigned: {}
{{- end }}
{{- end }}
---
{{- if .Values.internalTLS -}}
{{- if or (eq .Values.ingress.tls.source "letsEncrypt") (eq .Values.ingress.tls.source "generation") (eq .Values.ingress.tls.source "importation") -}}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
apiVersion: cert-manager.io/v1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
apiVersion: cert-manager.io/v1beta1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
apiVersion: cert-manager.io/v1alpha2
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- else }}
apiVersion: cert-manager.io/v1
{{- end }}
kind: Certificate
metadata:
name: ks-apiserver-certificate
spec:
# Secret names are always required.
secretName: ks-apiserver-tls-certs
duration: {{ .Values.certmanager.duration }}
renewBefore: {{ .Values.certmanager.renewBefore }}
subject:
organizations:
- ks-apiserver
commonName: ks-apiserver
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
dnsNames:
- ks-apiserver
- {{ printf "%s.%s" "ks-apiserver" .Release.Namespace }}
- {{ printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc" }}
- {{ printf "%s.%s.%s" "ks-apiserver" .Release.Namespace "svc.cluster.local" }}
issuerRef:
name: self-signed
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}
{{- end }}
---
{{- if .Values.internalTLS -}}
{{- if or (eq .Values.ingress.tls.source "letsEncrypt") (eq .Values.ingress.tls.source "generation") (eq .Values.ingress.tls.source "importation") -}}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
{{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") }}
apiVersion: cert-manager.io/v1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") }}
apiVersion: cert-manager.io/v1beta1
{{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") }}
apiVersion: cert-manager.io/v1alpha2
{{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") }}
apiVersion: certmanager.k8s.io/v1alpha1
{{- else }}
apiVersion: cert-manager.io/v1
{{- end }}
kind: Certificate
metadata:
name: ks-console-certificate
spec:
# Secret names are always required.
secretName: ks-console-tls-certs
duration: {{ .Values.certmanager.duration }}
renewBefore: {{ .Values.certmanager.renewBefore }}
subject:
organizations:
- ks-console
commonName: ks-console
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
dnsNames:
- ks-console
- {{ printf "%s.%s" "ks-console" .Release.Namespace }}
- {{ printf "%s.%s.%s" "ks-console" .Release.Namespace "svc" }}
- {{ printf "%s.%s.%s" "ks-console" .Release.Namespace "svc.cluster.local" }}
issuerRef:
name: self-signed
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink