KubeZero/charts/kubezero-telemetry/templates/opensearch/certificates.yaml

73 lines
2.2 KiB
YAML
Raw Permalink Normal View History

{{- if .Values.opensearch.nodeSets }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
privateKey:
encoding: PKCS8
usages:
- "client auth"
- "server auth"
commonName: {{ template "kubezero-lib.fullname" . }}-nodes
dnsNames:
# <cluster-name>-<nodepool-component>-<index>
- '{{ template "kubezero-lib.fullname" . }}-nodes'
- '{{ template "kubezero-lib.fullname" . }}-nodes-*'
- '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-nodes-http
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
privateKey:
encoding: PKCS8
usages:
- "client auth"
- "server auth"
commonName: {{ template "kubezero-lib.fullname" . }}
dnsNames:
# <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
- '{{ template "kubezero-lib.fullname" . }}'
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ template "kubezero-lib.fullname" . }}-admin
namespace: {{ .Release.Namespace }}
labels:
{{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
issuerRef:
name: kubezero-local-ca-issuer
kind: ClusterIssuer
duration: 8760h0m0s
usages:
- "client auth"
commonName: {{ template "kubezero-lib.fullname" . }}-admin
privateKey:
encoding: PKCS8
{{- end }}