KubeZero/charts/kubezero-cert-manager/templates/cluster-ca.yaml

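{{- if .Values.localCA.enabled }}
{{- if .Values.localCA.selfsigning }}
# KubeZero / Local cluster CA
# The resources are serialized via waves in Argo
# (sync-wave 10 -> 11 -> 12: self-signing Issuer, CA Certificate, CA Issuer).
#
# Self-signing path: cert-manager generates the CA key pair itself and stores
# it in the Secret kubezero-ca-tls in kube-system.
# NOTE(review): cert-manager.io/v1alpha2 is a pre-v1 API version that later
# cert-manager releases no longer serve; confirm it against the deployed
# cert-manager version.
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: kubezero-selfsigning-issuer
  namespace: kube-system
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: kubezero-local-ca
  namespace: kube-system
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "11"
spec:
  # The CA private key is written to this Secret. Any principal that can read
  # Secrets in kube-system can sign certificates chaining to this CA, so RBAC
  # on that namespace is the effective trust boundary.
  secretName: kubezero-ca-tls
  commonName: "kubezero-local-ca"
  isCA: true
  issuerRef:
    name: kubezero-selfsigning-issuer
  # NOTE(review): "any" places no key-usage restriction on the CA certificate.
  # A signing-only CA normally needs just "cert sign" and "crl sign"; narrow
  # this once it is confirmed that no consumer relies on the broader usages.
  # NOTE(review): no duration/renewBefore is set, so cert-manager's defaults
  # apply; confirm the resulting lifetime is intended for a CA.
  usages:
    - "any"
---
{{ else }}
# Bring-your-own-CA path: certificate and key are taken from Helm values.
# The key therefore also exists wherever those values are stored (values
# files, Argo CD application specs); keep it in an encrypted or secret-backed
# store, not in plain version control.
apiVersion: v1
kind: Secret
metadata:
  name: kubezero-ca-tls
  namespace: kube-system
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
data:
  # Quoted so the rendered value is always parsed as a YAML string (an empty
  # expansion would otherwise become null).
  tls.crt: {{ .Values.localCA.ca.crt | b64enc | quote }}
  tls.key: {{ .Values.localCA.ca.key | b64enc | quote }}
---
{{- end }}
# Issuer that signs with the CA key pair held in kubezero-ca-tls. It is a
# namespaced Issuer, so only Certificate resources in kube-system can
# reference it.
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: kubezero-local-ca-issuer
  namespace: kube-system
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "12"
spec:
  ca:
    secretName: kubezero-ca-tls
{{- end }}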