apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-nodes-transport namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-nodes-transport-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s privateKey: encoding: PKCS8 usages: - "client auth" - "server auth" commonName: {{ template "kubezero-lib.fullname" . }}-nodes dnsNames: # <cluster-name>-<nodepool-component>-<index> - '{{ template "kubezero-lib.fullname" . }}-nodes' - '{{ template "kubezero-lib.fullname" . }}-nodes-*' - '{{ template "kubezero-lib.fullname" . }}-bootstrap-0' --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-nodes-http namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-nodes-http-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s privateKey: encoding: PKCS8 usages: - "client auth" - "server auth" commonName: {{ template "kubezero-lib.fullname" . }} dnsNames: # <cluster-name>, <cluster-name>.<namespace>, <cluster-name>.<namespace>.svc,<cluster-name>.<namespace>.svc.cluster.local - '{{ template "kubezero-lib.fullname" . }}' - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc' - '{{ template "kubezero-lib.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local' --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ template "kubezero-lib.fullname" . }}-admin namespace: {{ .Release.Namespace }} labels: {{ include "kubezero-lib.labels" . | nindent 4 }} spec: secretName: {{ template "kubezero-lib.fullname" . }}-admin-tls issuerRef: name: kubezero-local-ca-issuer kind: ClusterIssuer duration: 8760h0m0s usages: - "client auth" commonName: {{ template "kubezero-lib.fullname" . }}-admin privateKey: encoding: PKCS8