{{/*
# Copyright © 2020-2021 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
{{- /*
When .Values.global.cmpv2Enabled is truthy, emit the output of the named
template "certManagerCertificate.certificate", called with the root context.
That template is not defined in this file, so what it renders must be checked
at its definition.
*/ -}}
{{- if .Values.global.cmpv2Enabled }}
{{ include "certManagerCertificate.certificate" . }}
{{- end -}}
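{{- if (include "common.onServiceMesh" .) }}
---
# CA certificate for the ingress. It is requested from the Issuer named by
# tls.issuer.ingressSelfsigned.name, and the resulting key pair is written to
# the secret named by tls.issuer.ingressCa.secret.name. That secret holds the
# CA private key, so read access to it should be limited to cert-manager.
# NOTE(review): no duration or renewBefore is set here, so cert-manager's
# default lifetime applies. Confirm it is not shorter than the 9000h leaf
# certificate below; otherwise the leaf can outlive the CA certificate that
# signed it.
# NOTE(review): kind Issuer is namespaced, so the referenced Issuer has to
# exist in this Certificate's namespace. This document takes its namespace
# from tls.issuer.ingressCa but references the ingressSelfsigned Issuer (and
# the next document does the reverse). That only works if both namespace
# values are the same - verify against the values file.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ingress-ca-certificate
  # Templated scalars are quoted so that an empty or boolean/number-looking
  # value cannot be re-typed by the YAML parser.
  namespace: "{{ .Values.tls.issuer.ingressCa.namespace }}"
spec:
  isCA: true
  # The subject name is not important because this certificate is self-signed.
  commonName: "{{ .Values.global.ingress.virtualhost.baseurl }}"
  secretName: "{{ .Values.tls.issuer.ingressCa.secret.name }}"
  usages:
    - server auth
    - client auth
  privateKey:
    algorithm: ECDSA
    size: 256
  issuerRef:
    name: "{{ .Values.tls.issuer.ingressSelfsigned.name }}"
    kind: Issuer
    group: cert-manager.io
---
# TLS serving certificate for the ingress. It is requested from the Issuer
# named by tls.issuer.ingressCa.name and written to the ingress-tls-secret
# secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ingress-selfsigned-certificate
  namespace: "{{ .Values.tls.issuer.ingressSelfsigned.namespace }}"
spec:
  secretName: ingress-tls-secret
  privateKey:
    # A fresh private key is generated on every renewal instead of reusing
    # the previous one.
    rotationPolicy: Always
    algorithm: RSA
    encoding: PKCS1
    size: 4096
  # 9000h is about 375 days, i.e. roughly one year.
  duration: 9000h0m0s
  # Renewal starts 4000h (about 166 days, ~5.5 months) before expiry, which
  # is about 5000h (~7 months) after issuance. The earlier note on this line
  # said "9 months", which does not match the value - confirm which of the
  # two is intended.
  renewBefore: 4000h0m0s
  commonName: "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
  # With usages left commented out, cert-manager's default key usages apply;
  # confirm they cover what the ingress needs.
  # usages:
  #   - server auth
  #   - client auth
  dnsNames:
    - "{{ .Values.global.ingress.virtualhost.baseurl }}"
    - "*.{{ .Values.global.ingress.virtualhost.baseurl }}"
    # NOTE(review): many TLS clients honour a wildcard only as the complete
    # left-most label, so the two multi-level entries below may never match a
    # hostname. If deeper names must be served, list the sub-zones explicitly.
    - "*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
    - "*.*.*.{{ .Values.global.ingress.virtualhost.baseurl }}"
  issuerRef:
    name: "{{ .Values.tls.issuer.ingressCa.name }}"
    kind: Issuer
    group: cert-manager.io
{{- end -}}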