Diffstat (limited to 'kubernetes/platform/components/oom-cert-service')
3 files changed, 94 insertions, 1 deletions
diff --git a/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
index fd317703e3..8f49424b54 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/certificate.yaml
@@ -14,4 +14,57 @@
 # limitations under the License.
 */}}
+{{- if .Values.global.cmpv2Enabled }}
 {{ include "certManagerCertificate.certificate" . }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ingress-ca-certificate
+ namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+ isCA: true
+ commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}" #not important as it is self signed
+ secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+ usages:
+ - server auth
+ - client auth
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+ kind: Issuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: ingress-selfsigned-certificate
+ namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+ secretName: ingress-tls-secret
+ privateKey:
+ rotationPolicy: Always
+ algorithm: RSA
+ encoding: PKCS1
+ size: 4096
+ duration: 9000h0m0s # 1 Year
+ renewBefore: 4000h0m0s #9 months
+ commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+# usages:
+# - server auth
+# - client auth
+ dnsNames:
+ - {{ .Values.global.ingress.virtualhost.baseurl }}
+ - "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
+ issuerRef:
+ name: {{ .Values.tls.issuer.ingressCa.name }}
+ kind: Issuer
+ group: cert-manager.io
+{{- end -}}
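Review bot: The `"*.*.…"` and `"*.*.*.…"` entries under `dnsNames` of `ingress-selfsigned-certificate` are unlikely to work as intended: RFC 6125 hostname matching allows a wildcard only as the complete left-most label, so TLS clients generally will not match multi-label wildcards, and hosts more than one level below `baseurl` would need their own SANs. The inline comment on `renewBefore: 4000h0m0s` says 9 months, but 4000h is roughly 5.5 months (9000h is about 375 days), so I would change it to `# ~5.5 months`. `ingress-ca-certificate` sets no `duration`, so it falls back to the cert-manager default (90 days, as far as I know), which is much shorter than the leaf's 9000h; setting it explicitly would make CA rotation a deliberate decision. The `usages` block on the leaf is left commented out, so it is worth stating in a comment whether the default usages are what the gateway needs.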
diff --git a/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
index 9047ab73d3..1220ad35a9 100644
--- a/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
+++ b/kubernetes/platform/components/oom-cert-service/templates/issuer.yaml
@@ -14,6 +14,7 @@
 # limitations under the License.
 */}}
+{{- if .Values.global.cmpv2Enabled }}
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
@@ -29,4 +30,25 @@ metadata:
 namespace: {{ include "common.namespace" . }}
 spec:
 ca:
- secretName: {{ .Values.tls.issuer.ca.secret.name }}
\ No newline at end of file
+ secretName: {{ .Values.tls.issuer.ca.secret.name }}
+{{- end -}}
+
+{{- if (include "common.onServiceMesh" .) }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ingressSelfsigned.name }}
+ namespace: {{ .Values.tls.issuer.ingressSelfsigned.namespace }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ingressCa.name }}
+ namespace: {{ .Values.tls.issuer.ingressCa.namespace }}
+spec:
+ ca:
+ secretName: {{ .Values.tls.issuer.ingressCa.secret.name }}
+{{- end -}}
\ No newline at end of file
diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml
index c74fe9b2c0..7778c03e34 100644
--- a/kubernetes/platform/components/oom-cert-service/values.yaml
+++ b/kubernetes/platform/components/oom-cert-service/values.yaml
@@ -22,6 +22,16 @@ global:
 # Standard OOM
 pullPolicy: "Always"
 repository: "nexus3.onap.org:10001"
+ ingress:
+ enabled: true
+ # All http requests via ingress will be redirected
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # tls:
+ # secret: 'my-ingress-cert'
+ # optional: Namespace of the Istio IngressGateway
+ namespace: &ingressNamespace istio-ingress
 # Service configuration
@@ -82,6 +92,14 @@ tls:
 name: &caIssuer cmpv2-issuer-onap
 secret:
 name: &caKeyPairSecret cmpv2-ca-key-pair
+ ingressSelfsigned:
+ name: ingress-selfsigned-issuer
+ namespace: *ingressNamespace
+ ingressCa:
+ name: ingress-ca-issuer
+ namespace: *ingressNamespace
+ secret:
+ name: ingress-ca-key-pair
 server:
 secret:
 name: &serverSecret oom-cert-service-server-tls-secret |
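Review bot: In the second issuer.yaml hunk, `ingress-ca-issuer` and the CA key pair it reads through `spec.ca.secretName` sit in the same namespace as the ingress gateway, because values.yaml points both `ingressSelfsigned.namespace` and `ingressCa.namespace` at the same `*ingressNamespace` alias. If the gateway's service account can read secrets in that namespace, which is common for gateways that load TLS secrets, it can also read the CA private key, and anyone allowed to create `Certificate` objects there can have `ingress-ca-issuer` sign arbitrary names. I would keep the CA key pair in a separate, tightly scoped namespace (for example behind a ClusterIssuer), or at least add a comment above the second Issuer stating who is expected to have access to that namespace. The `{{- if .Values.global.cmpv2Enabled }}` guard opens in the first hunk and closes in this one, and the file still ends without a trailing newline after the last `{{- end -}}`.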
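Review bot: The `&ingressNamespace` anchor on `global.ingress.namespace` (first values.yaml hunk) is resolved when this file is parsed, so overriding `global.ingress.namespace` from a parent chart or with `--set` will not change the `*ingressNamespace` aliases added under `tls.issuer.ingressSelfsigned` and `tls.issuer.ingressCa` in the second hunk. The Issuers and Certificates would then still be created in `istio-ingress` while the rest of the deployment uses the overridden namespace. Since the comment calls the namespace optional, either have the templates read `.Values.global.ingress.namespace` directly or extend the comment to `# optional: Namespace of the Istio IngressGateway (tls.issuer.ingress*.namespace must be overridden too)`. The templates also read `.Values.global.ingress.virtualhost.baseurl`, for which the visible hunks add no default; if the parent chart does not supply it, the SANs would render with an empty base, so a `required` guard in the template or a documented default would help.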