KubeZero/charts/kubezero-cert-manager/templates/cluster-ca.yaml

57 lines
1.1 KiB
YAML

{{- if .Values.localCA.enabled }}
{{- if .Values.localCA.selfsigning }}
# KubeZero / Local cluster CA
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: kubezero-selfsigning-issuer
namespace: kube-system
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
name: kubezero-local-ca
namespace: kube-system
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
secretName: kubezero-ca-tls
commonName: "kubezero-local-ca"
isCA: true
issuerRef:
name: kubezero-selfsigning-issuer
usages:
- "any"
---
{{ else }}
apiVersion: v1
kind: Secret
metadata:
name: kubezero-ca-tls
namespace: kube-system
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
data:
tls.crt: {{ .Values.localCA.ca.crt | b64enc }}
tls.key: {{ .Values.localCA.ca.key | b64enc }}
---
{{- end }}
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
name: kubezero-local-ca-issuer
namespace: kube-system
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
spec:
ca:
secretName: kubezero-ca-tls
{{- end }}