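{{- if .Values.localCA.enabled }}
{{- if .Values.localCA.selfsigning }}

# KubeZero / Local cluster CA
# The resources are serialized via waves in Argo:
#   wave 10: self-signed bootstrap issuer
#   wave 11: CA certificate, written to the Secret kubezero-ca-tls
#   wave 12: CA issuer that signs with kubezero-ca-tls
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # ClusterIssuer is cluster-scoped, so no metadata.namespace is set.
  name: kubezero-selfsigning-issuer
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "10"
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kubezero-local-ca
  # Quoted so an all-digit namespace name is not parsed as a number.
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "11"
spec:
  # The CA key pair lands in this Secret, in the release namespace.
  secretName: kubezero-ca-tls
  commonName: "kubezero-local-ca"
  isCA: true
  # NOTE(review): no duration/renewBefore is set, so cert-manager's default
  # certificate lifetime applies to the CA - confirm that rotation cadence
  # is intended for a root of trust.
  issuerRef:
    name: kubezero-selfsigning-issuer
    kind: ClusterIssuer
  # NOTE(review): "any" places no restriction on key usage for the CA
  # certificate; cert-manager already adds "cert sign" when isCA is true.
  # Narrowing the list would likely reissue the CA, so it is left unchanged.
  usages:
    - "any"
---

{{ else }}
# Bring-your-own CA: the key pair is taken from chart values.
# The CA private key is therefore present wherever those values are stored
# or rendered (values files, release records, Argo CD application specs).
# Keep those locations access-controlled, or supply the Secret out of band.
apiVersion: v1
kind: Secret
metadata:
  name: kubezero-ca-tls
  # Quoted so an all-digit namespace name is not parsed as a number.
  namespace: {{ .Release.Namespace | quote }}
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
data:
  # Fail the render instead of shipping an empty CA Secret, and quote the
  # base64 output so it is always a YAML string.
  tls.crt: {{ required "localCA.ca.crt must be set when localCA.selfsigning is disabled" .Values.localCA.ca.crt | b64enc | quote }}
  tls.key: {{ required "localCA.ca.key must be set when localCA.selfsigning is disabled" .Values.localCA.ca.key | b64enc | quote }}
---
{{- end }}

# A ClusterIssuer can be referenced from every namespace, so any principal
# allowed to create Certificate or CertificateRequest objects can obtain
# certificates signed by this CA unless an approval policy restricts it.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  # ClusterIssuer is cluster-scoped, so no metadata.namespace is set.
  name: kubezero-local-ca-issuer
  labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
  annotations:
    argocd.argoproj.io/sync-wave: "12"
spec:
  ca:
    # NOTE(review): cert-manager resolves a ClusterIssuer's secretName in its
    # cluster resource namespace, while kubezero-ca-tls is created in the
    # release namespace - the two must be the same namespace; confirm.
    secretName: kubezero-ca-tls
{{- end }}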