KubeZero/charts/kubezero-telemetry/templates/opensearch/certificates.yaml

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  privateKey:
    encoding: PKCS8
  usages:
  - "client auth"
  - "server auth"
  commonName: {{ template "kubezero-lib.fullname" . }}-nodes
  dnsNames:
  # <cluster-name>-<nodepool-component>-<index>
  - '{{ template "kubezero-lib.fullname" . }}-nodes'
  - '{{ template "kubezero-lib.fullname" . }}-nodes-*'
  - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-nodes-http
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  privateKey:
    encoding: PKCS8
  usages:
  - "client auth"
  - "server auth"
  commonName: {{ template "kubezero-lib.fullname" . }}
  dnsNames:
  # <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
  - '{{ template "kubezero-lib.fullname" . }}'
  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-admin
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  usages:
  - "client auth"
  commonName: {{ template "kubezero-lib.fullname" . }}-admin
  privateKey:
    encoding: PKCS8
Feat: KubeZero-Telemetry module incl. Jaeger Collector/UI and OpenSearch 2024-02-09 16:24:37 +00:00			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: {{ template "kubezero-lib.fullname" . }}-nodes-transport`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{ include "kubezero-lib.labels" . \| nindent 4 }}`
			`spec:`
			`secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls`
			`issuerRef:`
			`name: kubezero-local-ca-issuer`
			`kind: ClusterIssuer`
			`duration: 8760h0m0s`
			`privateKey:`
			`encoding: PKCS8`
			`usages:`
			`- "client auth"`
			`- "server auth"`
			`commonName: {{ template "kubezero-lib.fullname" . }}-nodes`
			`dnsNames:`
			`# <cluster-name>-<nodepool-component>-<index>`
			`- '{{ template "kubezero-lib.fullname" . }}-nodes'`
			`- '{{ template "kubezero-lib.fullname" . }}-nodes-*'`
			`- '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'`
			`---`

			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: {{ template "kubezero-lib.fullname" . }}-nodes-http`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{ include "kubezero-lib.labels" . \| nindent 4 }}`
			`spec:`
			`secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls`
			`issuerRef:`
			`name: kubezero-local-ca-issuer`
			`kind: ClusterIssuer`
			`duration: 8760h0m0s`
			`privateKey:`
			`encoding: PKCS8`
			`usages:`
			`- "client auth"`
			`- "server auth"`
			`commonName: {{ template "kubezero-lib.fullname" . }}`
			`dnsNames:`
			`# <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local`
			`- '{{ template "kubezero-lib.fullname" . }}'`
			`- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'`
			`- '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'`
			`---`

			`apiVersion: cert-manager.io/v1`
			`kind: Certificate`
			`metadata:`
			`name: {{ template "kubezero-lib.fullname" . }}-admin`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{ include "kubezero-lib.labels" . \| nindent 4 }}`
			`spec:`
			`secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls`
			`issuerRef:`
			`name: kubezero-local-ca-issuer`
			`kind: ClusterIssuer`
			`duration: 8760h0m0s`
			`usages:`
			`- "client auth"`
			`commonName: {{ template "kubezero-lib.fullname" . }}-admin`
			`privateKey:`
			`encoding: PKCS8`