Diffstat (limited to 'kubernetes/platform/components/oom-cert-service/templates')
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/certificate.yaml53
-rw-r--r--kubernetes/platform/components/oom-cert-service/templates/issuer.yaml24
2 files changed, 76 insertions, 1 deletions
diff --git a/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
index fd317703e3..8f49424b54 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
@@ -14,4 +14,57 @@
# limitations under the License.
*/}}
+{{- if .Values.global.cmpv2Enabled }}
{{ include "certManagerCertificate.certificate" . }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ingress-ca-certificate
+ namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+ isCA: true
+ commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
+ secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+ usages:
+ - server auth
+ - client auth
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+ kind: Issuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ingress-selfsigned-certificate
+ namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+ secretName: ingress-tls-secret
+ privateKey:
+ rotationPolicy: Always
+ algorithm: RSA
+ encoding: PKCS1
+ size: 4096
+ duration: 9000h0m0s # 1 Year
+ renewBefore: 4000h0m0s #9 months
+ commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+# usages:
+# - server auth
+# - client auth
+ dnsNames:
+ - {{ .Values.global.ingress.virtualhost.baseurl }}
+ - "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ issuerRef:
+ name: {{ .Values.tls.issuer.ingressCa.name }}
+ kind: Issuer
+ group: cert-manager.io
+{{- end -}}
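Review bot: The wildcard leaf `ingress-selfsigned-certificate` ships with its `usages:` block commented out, so cert-manager applies its default key usages instead of limiting the certificate to TLS server authentication; for a certificate that covers every host under the base URL, re-enabling `usages:` with `- server auth` keeps it least-privilege. The `*.*.` and `*.*.*.` entries under `dnsNames` are unlikely to help, because standard hostname verification (RFC 6125) honours a wildcard only as the complete left-most label, so deeper hosts would need explicit names. The comment on `renewBefore: 4000h0m0s` says 9 months, but 4000h is about 5.5 months, so renewal starts roughly 5000h after issuance; `renewBefore: 4000h0m0s # ~5.5 months before expiry` would match the value. `ingress-ca-certificate` sets no `duration`, so it presumably falls back to cert-manager's default lifetime, which is shorter than the 9000h leaf it signs; confirm that clients will pick up the renewed CA before the leaf expires.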
diff --git a/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
index 9047ab73d3..1220ad35a9 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
@@ -14,6 +14,7 @@
# limitations under the License.
*/}}
+{{- if .Values.global.cmpv2Enabled }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
@@ -29,4 +30,25 @@ metadata:
namespace: {{ include "common.namespace" . }}
spec:
ca:
- secretName: {{ .Values.tls.issuer.ca.secret.name }}
\ No newline at end of file
+ secretName: {{ .Values.tls.issuer.ca.secret.name }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+ namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ingressCa.name }}
+ namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+ ca:
+ secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+{{- end -}}
\ No newline at end of file
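Review bot: Both new objects are namespaced `Issuer`s, and cert-manager resolves an `issuerRef` of `kind: Issuer` only inside the referencing Certificate's own namespace, yet the references in certificate.yaml cross over: `ingress-ca-certificate` lives in `tls.issuer.ingressCa.namespace` and points at the `ingressSelfsigned` issuer, while `ingress-selfsigned-certificate` lives in `tls.issuer.ingressSelfsigned.namespace` and points at the `ingressCa` issuer. Issuance therefore works only when the two namespace values are identical, which the values file (not visible here) would have to guarantee. Either drive all four resources from one namespace value or add a render-time guard such as `{{- if ne .Values.tls.issuer.ingressCa.namespace .Values.tls.issuer.ingressSelfsigned.namespace }}{{ fail "ingressCa and ingressSelfsigned must share a namespace" }}{{- end }}`. The CA issuer also reads its signing key from the Secret named by `ingressCa.secret.name` in that namespace, so read access to Secrets there should be kept tight.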