apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-nodes-transport
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  privateKey:
    encoding: PKCS8
  usages:
  - "client auth"
  - "server auth"
  commonName: {{ template "kubezero-lib.fullname" . }}-nodes
  dnsNames:
  # <cluster-name>-<nodepool-component>-<index>
  - '{{ template "kubezero-lib.fullname" . }}-nodes'
  - '{{ template "kubezero-lib.fullname" . }}-nodes-*'
  - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0'
---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-nodes-http
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  privateKey:
    encoding: PKCS8
  usages:
  - "client auth"
  - "server auth"
  commonName: {{ template "kubezero-lib.fullname" . }}
  dnsNames:
  # <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local
  - '{{ template "kubezero-lib.fullname" . }}'
  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc'
  - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local'
---

apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: {{ template "kubezero-lib.fullname" . }}-admin
  namespace: {{ .Release.Namespace }}
  labels:
    {{ include "kubezero-lib.labels" . | nindent 4 }}
spec:
  secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls
  issuerRef:
    name: kubezero-local-ca-issuer
    kind: ClusterIssuer
  duration: 8760h0m0s
  usages:
  - "client auth"
  commonName: {{ template "kubezero-lib.fullname" . }}-admin
  privateKey:
    encoding: PKCS8